summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509v3
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509v3')
-rw-r--r--src/lib/libcrypto/x509v3/Makefile.ssl603
-rw-r--r--src/lib/libcrypto/x509v3/ext_dat.h118
-rw-r--r--src/lib/libcrypto/x509v3/v3_addr.c1280
-rw-r--r--src/lib/libcrypto/x509v3/v3_akey.c190
-rw-r--r--src/lib/libcrypto/x509v3/v3_akeya.c72
-rw-r--r--src/lib/libcrypto/x509v3/v3_alt.c458
-rw-r--r--src/lib/libcrypto/x509v3/v3_asid.c842
-rw-r--r--src/lib/libcrypto/x509v3/v3_bcons.c124
-rw-r--r--src/lib/libcrypto/x509v3/v3_bitst.c147
-rw-r--r--src/lib/libcrypto/x509v3/v3_conf.c485
-rw-r--r--src/lib/libcrypto/x509v3/v3_cpols.c431
-rw-r--r--src/lib/libcrypto/x509v3/v3_crld.c162
-rw-r--r--src/lib/libcrypto/x509v3/v3_enum.c94
-rw-r--r--src/lib/libcrypto/x509v3/v3_extku.c142
-rw-r--r--src/lib/libcrypto/x509v3/v3_genn.c101
-rw-r--r--src/lib/libcrypto/x509v3/v3_ia5.c116
-rw-r--r--src/lib/libcrypto/x509v3/v3_info.c194
-rw-r--r--src/lib/libcrypto/x509v3/v3_int.c76
-rw-r--r--src/lib/libcrypto/x509v3/v3_lib.c302
-rw-r--r--src/lib/libcrypto/x509v3/v3_ocsp.c275
-rw-r--r--src/lib/libcrypto/x509v3/v3_pci.c313
-rw-r--r--src/lib/libcrypto/x509v3/v3_pcia.c55
-rw-r--r--src/lib/libcrypto/x509v3/v3_pku.c108
-rw-r--r--src/lib/libcrypto/x509v3/v3_prn.c233
-rw-r--r--src/lib/libcrypto/x509v3/v3_purp.c647
-rw-r--r--src/lib/libcrypto/x509v3/v3_skey.c144
-rw-r--r--src/lib/libcrypto/x509v3/v3_sxnet.c262
-rw-r--r--src/lib/libcrypto/x509v3/v3_utl.c535
-rw-r--r--src/lib/libcrypto/x509v3/v3err.c197
-rw-r--r--src/lib/libcrypto/x509v3/x509v3.h687
30 files changed, 9393 insertions, 0 deletions
diff --git a/src/lib/libcrypto/x509v3/Makefile.ssl b/src/lib/libcrypto/x509v3/Makefile.ssl
new file mode 100644
index 0000000000..66df90c346
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/Makefile.ssl
@@ -0,0 +1,603 @@
1#
2# SSLeay/crypto/x509v3/Makefile
3#
4
5DIR= x509v3
6TOP= ../..
7CC= cc
8INCLUDES= -I.. -I$(TOP) -I../../include
9CFLAG=-g
10INSTALL_PREFIX=
11OPENSSLDIR= /usr/local/ssl
12INSTALLTOP=/usr/local/ssl
13MAKE= make -f Makefile.ssl
14MAKEDEPPROG= makedepend
15MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
16MAKEFILE= Makefile.ssl
17AR= ar r
18
19CFLAGS= $(INCLUDES) $(CFLAG)
20
21GENERAL=Makefile README
22TEST=
23APPS=
24
25LIB=$(TOP)/libcrypto.a
26LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \
27v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \
28v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
29v3_ocsp.c v3_akeya.c
30LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
31v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
32v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \
33v3_ocsp.o v3_akeya.o
34
35SRC= $(LIBSRC)
36
37EXHEADER= x509v3.h
38HEADER= $(EXHEADER)
39
40ALL= $(GENERAL) $(SRC) $(HEADER)
41
42top:
43 (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
44
45all: lib
46
47lib: $(LIBOBJ)
48 $(AR) $(LIB) $(LIBOBJ)
49 $(RANLIB) $(LIB) || echo Never mind.
50 @touch lib
51
52files:
53 $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
54
55links:
56 @sh $(TOP)/util/point.sh Makefile.ssl Makefile
57 @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
58 @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
59 @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
60
61install:
62 @for i in $(EXHEADER) ; \
63 do \
64 (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
65 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
66 done;
67
68tags:
69 ctags $(SRC)
70
71tests:
72
73lint:
74 lint -DLINT $(INCLUDES) $(SRC)>fluff
75
76depend:
77 $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
78
79dclean:
80 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
81 mv -f Makefile.new $(MAKEFILE)
82
83clean:
84 rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
85
86# DO NOT DELETE THIS LINE -- make depend depends on it.
87
88v3_akey.o: ../../e_os.h ../../include/openssl/aes.h
89v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
90v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
91v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
92v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
93v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
94v3_akey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
95v3_akey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
96v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
97v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
98v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
99v3_akey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
100v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
101v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
102v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
103v3_akey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
104v3_akey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
105v3_akey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
106v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
107v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
108v3_akey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
109v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
110v3_akey.o: ../cryptlib.h v3_akey.c
111v3_akeya.o: ../../e_os.h ../../include/openssl/aes.h
112v3_akeya.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
113v3_akeya.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
114v3_akeya.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
115v3_akeya.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
116v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
117v3_akeya.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
118v3_akeya.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
119v3_akeya.o: ../../include/openssl/err.h ../../include/openssl/evp.h
120v3_akeya.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
121v3_akeya.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
122v3_akeya.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
123v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
124v3_akeya.o: ../../include/openssl/opensslconf.h
125v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
126v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
127v3_akeya.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
128v3_akeya.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
129v3_akeya.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
130v3_akeya.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
131v3_akeya.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
132v3_akeya.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
133v3_akeya.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akeya.c
134v3_alt.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
135v3_alt.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
136v3_alt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
137v3_alt.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
138v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
139v3_alt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
140v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
141v3_alt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
142v3_alt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
143v3_alt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
144v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
145v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
146v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
147v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
148v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
149v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
150v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
151v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
152v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
153v3_alt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
154v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
155v3_alt.o: ../cryptlib.h v3_alt.c
156v3_bcons.o: ../../e_os.h ../../include/openssl/aes.h
157v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
158v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
159v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
160v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
161v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
162v3_bcons.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
163v3_bcons.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
164v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h
165v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
166v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
167v3_bcons.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
168v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
169v3_bcons.o: ../../include/openssl/opensslconf.h
170v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
171v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
172v3_bcons.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
173v3_bcons.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
174v3_bcons.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
175v3_bcons.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
176v3_bcons.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
177v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
178v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bcons.c
179v3_bitst.o: ../../e_os.h ../../include/openssl/aes.h
180v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
181v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
182v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
183v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
184v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
185v3_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
186v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
187v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
188v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
189v3_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
190v3_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
191v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
192v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
193v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
194v3_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
195v3_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
196v3_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
197v3_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
198v3_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
199v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
200v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bitst.c
201v3_conf.o: ../../e_os.h ../../include/openssl/aes.h
202v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
203v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
204v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
205v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
206v3_conf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
207v3_conf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
208v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
209v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
210v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
211v3_conf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
212v3_conf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
213v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
214v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
215v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
216v3_conf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
217v3_conf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
218v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
219v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
220v3_conf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
221v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
222v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c
223v3_cpols.o: ../../e_os.h ../../include/openssl/aes.h
224v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
225v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
226v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
227v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
228v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
229v3_cpols.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
230v3_cpols.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
231v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h
232v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
233v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
234v3_cpols.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
235v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
236v3_cpols.o: ../../include/openssl/opensslconf.h
237v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
238v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
239v3_cpols.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
240v3_cpols.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
241v3_cpols.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
242v3_cpols.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
243v3_cpols.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
244v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
245v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_cpols.c
246v3_crld.o: ../../e_os.h ../../include/openssl/aes.h
247v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
248v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
249v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
250v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
251v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
252v3_crld.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
253v3_crld.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
254v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
255v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
256v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
257v3_crld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
258v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
259v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
260v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
261v3_crld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
262v3_crld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
263v3_crld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
264v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
265v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
266v3_crld.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
267v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
268v3_crld.o: ../cryptlib.h v3_crld.c
269v3_enum.o: ../../e_os.h ../../include/openssl/aes.h
270v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
271v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
272v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
273v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
274v3_enum.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
275v3_enum.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
276v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
277v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
278v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
279v3_enum.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
280v3_enum.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
281v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
282v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
283v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
284v3_enum.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
285v3_enum.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
286v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
287v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
288v3_enum.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
289v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
290v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c
291v3_extku.o: ../../e_os.h ../../include/openssl/aes.h
292v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
293v3_extku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
294v3_extku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
295v3_extku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
296v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
297v3_extku.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
298v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
299v3_extku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
300v3_extku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
301v3_extku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
302v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
303v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
304v3_extku.o: ../../include/openssl/opensslconf.h
305v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
306v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
307v3_extku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
308v3_extku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
309v3_extku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
310v3_extku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
311v3_extku.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
312v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
313v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_extku.c
314v3_genn.o: ../../e_os.h ../../include/openssl/aes.h
315v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
316v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
317v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
318v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
319v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
320v3_genn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
321v3_genn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
322v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
323v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
324v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
325v3_genn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
326v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
327v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
328v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
329v3_genn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
330v3_genn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
331v3_genn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
332v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
333v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
334v3_genn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
335v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
336v3_genn.o: ../cryptlib.h v3_genn.c
337v3_ia5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
338v3_ia5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
339v3_ia5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
340v3_ia5.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
341v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
342v3_ia5.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
343v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
344v3_ia5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
345v3_ia5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
346v3_ia5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
347v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
348v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
349v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
350v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
351v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
352v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
353v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
354v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
355v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
356v3_ia5.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
357v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
358v3_ia5.o: ../cryptlib.h v3_ia5.c
359v3_info.o: ../../e_os.h ../../include/openssl/aes.h
360v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
361v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
362v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
363v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
364v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
365v3_info.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
366v3_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
367v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
368v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
369v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
370v3_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
371v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
372v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
373v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
374v3_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
375v3_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
376v3_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
377v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
378v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
379v3_info.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
380v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
381v3_info.o: ../cryptlib.h v3_info.c
382v3_int.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
383v3_int.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
384v3_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
385v3_int.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
386v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
387v3_int.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
388v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
389v3_int.o: ../../include/openssl/err.h ../../include/openssl/evp.h
390v3_int.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
391v3_int.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
392v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
393v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
394v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
395v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
396v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
397v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
398v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
399v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
400v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
401v3_int.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
402v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
403v3_int.o: ../cryptlib.h v3_int.c
404v3_lib.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
405v3_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
406v3_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
407v3_lib.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
408v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
409v3_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
410v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
411v3_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
412v3_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
413v3_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
414v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
415v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
416v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
417v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
418v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
419v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
420v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
421v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
422v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
423v3_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
424v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
425v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c
426v3_ocsp.o: ../../e_os.h ../../include/openssl/aes.h
427v3_ocsp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
428v3_ocsp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
429v3_ocsp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
430v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
431v3_ocsp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
432v3_ocsp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
433v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
434v3_ocsp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
435v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
436v3_ocsp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
437v3_ocsp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
438v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
439v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
440v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
441v3_ocsp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
442v3_ocsp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
443v3_ocsp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
444v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
445v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
446v3_ocsp.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
447v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
448v3_ocsp.o: ../cryptlib.h v3_ocsp.c
449v3_pku.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
450v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
451v3_pku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
452v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
453v3_pku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
454v3_pku.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
455v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
456v3_pku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
457v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
458v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
459v3_pku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
460v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
461v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
462v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
463v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
464v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
465v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
466v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
467v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
468v3_pku.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
469v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
470v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c
471v3_prn.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
472v3_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
473v3_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
474v3_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
475v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
476v3_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
477v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
478v3_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
479v3_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
480v3_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
481v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
482v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
483v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
484v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
485v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
486v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
487v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
488v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
489v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
490v3_prn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
491v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
492v3_prn.o: ../cryptlib.h v3_prn.c
493v3_purp.o: ../../e_os.h ../../include/openssl/aes.h
494v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
495v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
496v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
497v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
498v3_purp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
499v3_purp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
500v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
501v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
502v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
503v3_purp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
504v3_purp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
505v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
506v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
507v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
508v3_purp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
509v3_purp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
510v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
511v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
512v3_purp.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
513v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
514v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c
515v3_skey.o: ../../e_os.h ../../include/openssl/aes.h
516v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
517v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
518v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
519v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
520v3_skey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
521v3_skey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
522v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
523v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
524v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
525v3_skey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
526v3_skey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
527v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
528v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
529v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
530v3_skey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
531v3_skey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
532v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
533v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
534v3_skey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
535v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
536v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c
537v3_sxnet.o: ../../e_os.h ../../include/openssl/aes.h
538v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
539v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
540v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
541v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
542v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
543v3_sxnet.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
544v3_sxnet.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
545v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h
546v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
547v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
548v3_sxnet.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
549v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
550v3_sxnet.o: ../../include/openssl/opensslconf.h
551v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
552v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
553v3_sxnet.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
554v3_sxnet.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
555v3_sxnet.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
556v3_sxnet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
557v3_sxnet.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
558v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
559v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_sxnet.c
560v3_utl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
561v3_utl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
562v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
563v3_utl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
564v3_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
565v3_utl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
566v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
567v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
568v3_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
569v3_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
570v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
571v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
572v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
573v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
574v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
575v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
576v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
577v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
578v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
579v3_utl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
580v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
581v3_utl.o: ../cryptlib.h v3_utl.c
582v3err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
583v3err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
584v3err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
585v3err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
586v3err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
587v3err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
588v3err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
589v3err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
590v3err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
591v3err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
592v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
593v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
594v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
595v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
596v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
597v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
598v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
599v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
600v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
601v3err.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
602v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
603v3err.o: v3err.c
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h
new file mode 100644
index 0000000000..d8328ac468
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/ext_dat.h
@@ -0,0 +1,118 @@
1/* ext_dat.h */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* This file contains a table of "standard" extensions */
59
60extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
61extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
62extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
63extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
64extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
65extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
66extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
67extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
68
69/* This table will be searched using OBJ_bsearch so it *must* kept in
70 * order of the ext_nid values.
71 */
72
73static X509V3_EXT_METHOD *standard_exts[] = {
74&v3_nscert,
75&v3_ns_ia5_list[0],
76&v3_ns_ia5_list[1],
77&v3_ns_ia5_list[2],
78&v3_ns_ia5_list[3],
79&v3_ns_ia5_list[4],
80&v3_ns_ia5_list[5],
81&v3_ns_ia5_list[6],
82&v3_skey_id,
83&v3_key_usage,
84&v3_pkey_usage_period,
85&v3_alt[0],
86&v3_alt[1],
87&v3_bcons,
88&v3_crl_num,
89&v3_cpols,
90&v3_akey_id,
91&v3_crld,
92&v3_ext_ku,
93&v3_delta_crl,
94&v3_crl_reason,
95#ifndef OPENSSL_NO_OCSP
96&v3_crl_invdate,
97#endif
98&v3_sxnet,
99&v3_info,
100#ifndef OPENSSL_NO_OCSP
101&v3_ocsp_nonce,
102&v3_ocsp_crlid,
103&v3_ocsp_accresp,
104&v3_ocsp_nocheck,
105&v3_ocsp_acutoff,
106&v3_ocsp_serviceloc,
107#endif
108&v3_sinfo,
109#ifndef OPENSSL_NO_OCSP
110&v3_crl_hold,
111#endif
112&v3_pci,
113};
114
115/* Number of standard extensions */
116
117#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
118
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c
new file mode 100644
index 0000000000..ed9847b307
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -0,0 +1,1280 @@
1/*
2 * Contributed to the OpenSSL Project by the American Registry for
3 * Internet Numbers ("ARIN").
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 */
57
58/*
59 * Implementation of RFC 3779 section 2.2.
60 */
61
62#include <stdio.h>
63#include <stdlib.h>
64#include <assert.h>
65#include "cryptlib.h"
66#include <openssl/conf.h>
67#include <openssl/asn1.h>
68#include <openssl/asn1t.h>
69#include <openssl/buffer.h>
70#include <openssl/x509v3.h>
71
72#ifndef OPENSSL_NO_RFC3779
73
74/*
75 * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
76 */
77
78ASN1_SEQUENCE(IPAddressRange) = {
79 ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
80 ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
81} ASN1_SEQUENCE_END(IPAddressRange)
82
83ASN1_CHOICE(IPAddressOrRange) = {
84 ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
85 ASN1_SIMPLE(IPAddressOrRange, u.addressRange, IPAddressRange)
86} ASN1_CHOICE_END(IPAddressOrRange)
87
88ASN1_CHOICE(IPAddressChoice) = {
89 ASN1_SIMPLE(IPAddressChoice, u.inherit, ASN1_NULL),
90 ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
91} ASN1_CHOICE_END(IPAddressChoice)
92
93ASN1_SEQUENCE(IPAddressFamily) = {
94 ASN1_SIMPLE(IPAddressFamily, addressFamily, ASN1_OCTET_STRING),
95 ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
96} ASN1_SEQUENCE_END(IPAddressFamily)
97
98ASN1_ITEM_TEMPLATE(IPAddrBlocks) =
99 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
100 IPAddrBlocks, IPAddressFamily)
101ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
102
103IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
104IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
105IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice)
106IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
107
108/*
109 * How much buffer space do we need for a raw address?
110 */
111#define ADDR_RAW_BUF_LEN 16
112
113/*
114 * What's the address length associated with this AFI?
115 */
116static int length_from_afi(const unsigned afi)
117{
118 switch (afi) {
119 case IANA_AFI_IPV4:
120 return 4;
121 case IANA_AFI_IPV6:
122 return 16;
123 default:
124 return 0;
125 }
126}
127
128/*
129 * Extract the AFI from an IPAddressFamily.
130 */
131unsigned v3_addr_get_afi(const IPAddressFamily *f)
132{
133 return ((f != NULL &&
134 f->addressFamily != NULL &&
135 f->addressFamily->data != NULL)
136 ? ((f->addressFamily->data[0] << 8) |
137 (f->addressFamily->data[1]))
138 : 0);
139}
140
141/*
142 * Expand the bitstring form of an address into a raw byte array.
143 * At the moment this is coded for simplicity, not speed.
144 */
145static void addr_expand(unsigned char *addr,
146 const ASN1_BIT_STRING *bs,
147 const int length,
148 const unsigned char fill)
149{
150 assert(bs->length >= 0 && bs->length <= length);
151 if (bs->length > 0) {
152 memcpy(addr, bs->data, bs->length);
153 if ((bs->flags & 7) != 0) {
154 unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
155 if (fill == 0)
156 addr[bs->length - 1] &= ~mask;
157 else
158 addr[bs->length - 1] |= mask;
159 }
160 }
161 memset(addr + bs->length, fill, length - bs->length);
162}
163
164/*
165 * Extract the prefix length from a bitstring.
166 */
167#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
168
169/*
170 * i2r handler for one address bitstring.
171 */
172static int i2r_address(BIO *out,
173 const unsigned afi,
174 const unsigned char fill,
175 const ASN1_BIT_STRING *bs)
176{
177 unsigned char addr[ADDR_RAW_BUF_LEN];
178 int i, n;
179
180 switch (afi) {
181 case IANA_AFI_IPV4:
182 addr_expand(addr, bs, 4, fill);
183 BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
184 break;
185 case IANA_AFI_IPV6:
186 addr_expand(addr, bs, 16, fill);
187 for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
188 ;
189 for (i = 0; i < n; i += 2)
190 BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : ""));
191 if (i < 16)
192 BIO_puts(out, ":");
193 break;
194 default:
195 for (i = 0; i < bs->length; i++)
196 BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
197 BIO_printf(out, "[%d]", (int) (bs->flags & 7));
198 break;
199 }
200 return 1;
201}
202
203/*
204 * i2r handler for a sequence of addresses and ranges.
205 */
206static int i2r_IPAddressOrRanges(BIO *out,
207 const int indent,
208 const IPAddressOrRanges *aors,
209 const unsigned afi)
210{
211 int i;
212 for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
213 const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
214 BIO_printf(out, "%*s", indent, "");
215 switch (aor->type) {
216 case IPAddressOrRange_addressPrefix:
217 if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
218 return 0;
219 BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
220 continue;
221 case IPAddressOrRange_addressRange:
222 if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
223 return 0;
224 BIO_puts(out, "-");
225 if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
226 return 0;
227 BIO_puts(out, "\n");
228 continue;
229 }
230 }
231 return 1;
232}
233
234/*
235 * i2r handler for an IPAddrBlocks extension.
236 */
237static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
238 void *ext,
239 BIO *out,
240 int indent)
241{
242 const IPAddrBlocks *addr = ext;
243 int i;
244 for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
245 IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
246 const unsigned afi = v3_addr_get_afi(f);
247 switch (afi) {
248 case IANA_AFI_IPV4:
249 BIO_printf(out, "%*sIPv4", indent, "");
250 break;
251 case IANA_AFI_IPV6:
252 BIO_printf(out, "%*sIPv6", indent, "");
253 break;
254 default:
255 BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
256 break;
257 }
258 if (f->addressFamily->length > 2) {
259 switch (f->addressFamily->data[2]) {
260 case 1:
261 BIO_puts(out, " (Unicast)");
262 break;
263 case 2:
264 BIO_puts(out, " (Multicast)");
265 break;
266 case 3:
267 BIO_puts(out, " (Unicast/Multicast)");
268 break;
269 case 4:
270 BIO_puts(out, " (MPLS)");
271 break;
272 case 64:
273 BIO_puts(out, " (Tunnel)");
274 break;
275 case 65:
276 BIO_puts(out, " (VPLS)");
277 break;
278 case 66:
279 BIO_puts(out, " (BGP MDT)");
280 break;
281 case 128:
282 BIO_puts(out, " (MPLS-labeled VPN)");
283 break;
284 default:
285 BIO_printf(out, " (Unknown SAFI %u)",
286 (unsigned) f->addressFamily->data[2]);
287 break;
288 }
289 }
290 switch (f->ipAddressChoice->type) {
291 case IPAddressChoice_inherit:
292 BIO_puts(out, ": inherit\n");
293 break;
294 case IPAddressChoice_addressesOrRanges:
295 BIO_puts(out, ":\n");
296 if (!i2r_IPAddressOrRanges(out,
297 indent + 2,
298 f->ipAddressChoice->u.addressesOrRanges,
299 afi))
300 return 0;
301 break;
302 }
303 }
304 return 1;
305}
306
307/*
308 * Sort comparison function for a sequence of IPAddressOrRange
309 * elements.
310 */
311static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
312 const IPAddressOrRange *b,
313 const int length)
314{
315 unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
316 int prefixlen_a = 0;
317 int prefixlen_b = 0;
318 int r;
319
320 switch (a->type) {
321 case IPAddressOrRange_addressPrefix:
322 addr_expand(addr_a, a->u.addressPrefix, length, 0x00);
323 prefixlen_a = addr_prefixlen(a->u.addressPrefix);
324 break;
325 case IPAddressOrRange_addressRange:
326 addr_expand(addr_a, a->u.addressRange->min, length, 0x00);
327 prefixlen_a = length * 8;
328 break;
329 }
330
331 switch (b->type) {
332 case IPAddressOrRange_addressPrefix:
333 addr_expand(addr_b, b->u.addressPrefix, length, 0x00);
334 prefixlen_b = addr_prefixlen(b->u.addressPrefix);
335 break;
336 case IPAddressOrRange_addressRange:
337 addr_expand(addr_b, b->u.addressRange->min, length, 0x00);
338 prefixlen_b = length * 8;
339 break;
340 }
341
342 if ((r = memcmp(addr_a, addr_b, length)) != 0)
343 return r;
344 else
345 return prefixlen_a - prefixlen_b;
346}
347
348/*
349 * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
350 * comparision routines are only allowed two arguments.
351 */
352static int v4IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
353 const IPAddressOrRange * const *b)
354{
355 return IPAddressOrRange_cmp(*a, *b, 4);
356}
357
358/*
359 * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
360 * comparision routines are only allowed two arguments.
361 */
362static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
363 const IPAddressOrRange * const *b)
364{
365 return IPAddressOrRange_cmp(*a, *b, 16);
366}
367
368/*
369 * Calculate whether a range collapses to a prefix.
370 * See last paragraph of RFC 3779 2.2.3.7.
371 */
372static int range_should_be_prefix(const unsigned char *min,
373 const unsigned char *max,
374 const int length)
375{
376 unsigned char mask;
377 int i, j;
378
379 for (i = 0; i < length && min[i] == max[i]; i++)
380 ;
381 for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--)
382 ;
383 if (i < j)
384 return -1;
385 if (i > j)
386 return i * 8;
387 mask = min[i] ^ max[i];
388 switch (mask) {
389 case 0x01: j = 7; break;
390 case 0x03: j = 6; break;
391 case 0x07: j = 5; break;
392 case 0x0F: j = 4; break;
393 case 0x1F: j = 3; break;
394 case 0x3F: j = 2; break;
395 case 0x7F: j = 1; break;
396 default: return -1;
397 }
398 if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
399 return -1;
400 else
401 return i * 8 + j;
402}
403
404/*
405 * Construct a prefix.
406 */
407static int make_addressPrefix(IPAddressOrRange **result,
408 unsigned char *addr,
409 const int prefixlen)
410{
411 int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
412 IPAddressOrRange *aor = IPAddressOrRange_new();
413
414 if (aor == NULL)
415 return 0;
416 aor->type = IPAddressOrRange_addressPrefix;
417 if (aor->u.addressPrefix == NULL &&
418 (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
419 goto err;
420 if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
421 goto err;
422 aor->u.addressPrefix->flags &= ~7;
423 aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
424 if (bitlen > 0) {
425 aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
426 aor->u.addressPrefix->flags |= 8 - bitlen;
427 }
428
429 *result = aor;
430 return 1;
431
432 err:
433 IPAddressOrRange_free(aor);
434 return 0;
435}
436
437/*
438 * Construct a range. If it can be expressed as a prefix,
439 * return a prefix instead. Doing this here simplifies
440 * the rest of the code considerably.
441 */
442static int make_addressRange(IPAddressOrRange **result,
443 unsigned char *min,
444 unsigned char *max,
445 const int length)
446{
447 IPAddressOrRange *aor;
448 int i, prefixlen;
449
450 if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
451 return make_addressPrefix(result, min, prefixlen);
452
453 if ((aor = IPAddressOrRange_new()) == NULL)
454 return 0;
455 aor->type = IPAddressOrRange_addressRange;
456 assert(aor->u.addressRange == NULL);
457 if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
458 goto err;
459 if (aor->u.addressRange->min == NULL &&
460 (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
461 goto err;
462 if (aor->u.addressRange->max == NULL &&
463 (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
464 goto err;
465
466 for (i = length; i > 0 && min[i - 1] == 0x00; --i)
467 ;
468 if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
469 goto err;
470 aor->u.addressRange->min->flags &= ~7;
471 aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
472 if (i > 0) {
473 unsigned char b = min[i - 1];
474 int j = 1;
475 while ((b & (0xFFU >> j)) != 0)
476 ++j;
477 aor->u.addressRange->min->flags |= 8 - j;
478 }
479
480 for (i = length; i > 0 && max[i - 1] == 0xFF; --i)
481 ;
482 if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
483 goto err;
484 aor->u.addressRange->max->flags &= ~7;
485 aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
486 if (i > 0) {
487 unsigned char b = max[i - 1];
488 int j = 1;
489 while ((b & (0xFFU >> j)) != (0xFFU >> j))
490 ++j;
491 aor->u.addressRange->max->flags |= 8 - j;
492 }
493
494 *result = aor;
495 return 1;
496
497 err:
498 IPAddressOrRange_free(aor);
499 return 0;
500}
501
502/*
503 * Construct a new address family or find an existing one.
504 */
505static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
506 const unsigned afi,
507 const unsigned *safi)
508{
509 IPAddressFamily *f;
510 unsigned char key[3];
511 unsigned keylen;
512 int i;
513
514 key[0] = (afi >> 8) & 0xFF;
515 key[1] = afi & 0xFF;
516 if (safi != NULL) {
517 key[2] = *safi & 0xFF;
518 keylen = 3;
519 } else {
520 keylen = 2;
521 }
522
523 for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
524 f = sk_IPAddressFamily_value(addr, i);
525 assert(f->addressFamily->data != NULL);
526 if (f->addressFamily->length == keylen &&
527 !memcmp(f->addressFamily->data, key, keylen))
528 return f;
529 }
530
531 if ((f = IPAddressFamily_new()) == NULL)
532 goto err;
533 if (f->ipAddressChoice == NULL &&
534 (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
535 goto err;
536 if (f->addressFamily == NULL &&
537 (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
538 goto err;
539 if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
540 goto err;
541 if (!sk_IPAddressFamily_push(addr, f))
542 goto err;
543
544 return f;
545
546 err:
547 IPAddressFamily_free(f);
548 return NULL;
549}
550
551/*
552 * Add an inheritance element.
553 */
554int v3_addr_add_inherit(IPAddrBlocks *addr,
555 const unsigned afi,
556 const unsigned *safi)
557{
558 IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
559 if (f == NULL ||
560 f->ipAddressChoice == NULL ||
561 (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
562 f->ipAddressChoice->u.addressesOrRanges != NULL))
563 return 0;
564 if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
565 f->ipAddressChoice->u.inherit != NULL)
566 return 1;
567 if (f->ipAddressChoice->u.inherit == NULL &&
568 (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
569 return 0;
570 f->ipAddressChoice->type = IPAddressChoice_inherit;
571 return 1;
572}
573
574/*
575 * Construct an IPAddressOrRange sequence, or return an existing one.
576 */
577static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
578 const unsigned afi,
579 const unsigned *safi)
580{
581 IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
582 IPAddressOrRanges *aors = NULL;
583
584 if (f == NULL ||
585 f->ipAddressChoice == NULL ||
586 (f->ipAddressChoice->type == IPAddressChoice_inherit &&
587 f->ipAddressChoice->u.inherit != NULL))
588 return NULL;
589 if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
590 aors = f->ipAddressChoice->u.addressesOrRanges;
591 if (aors != NULL)
592 return aors;
593 if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
594 return NULL;
595 switch (afi) {
596 case IANA_AFI_IPV4:
597 sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
598 break;
599 case IANA_AFI_IPV6:
600 sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
601 break;
602 }
603 f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
604 f->ipAddressChoice->u.addressesOrRanges = aors;
605 return aors;
606}
607
608/*
609 * Add a prefix.
610 */
611int v3_addr_add_prefix(IPAddrBlocks *addr,
612 const unsigned afi,
613 const unsigned *safi,
614 unsigned char *a,
615 const int prefixlen)
616{
617 IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
618 IPAddressOrRange *aor;
619 if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
620 return 0;
621 if (sk_IPAddressOrRange_push(aors, aor))
622 return 1;
623 IPAddressOrRange_free(aor);
624 return 0;
625}
626
627/*
628 * Add a range.
629 */
630int v3_addr_add_range(IPAddrBlocks *addr,
631 const unsigned afi,
632 const unsigned *safi,
633 unsigned char *min,
634 unsigned char *max)
635{
636 IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
637 IPAddressOrRange *aor;
638 int length = length_from_afi(afi);
639 if (aors == NULL)
640 return 0;
641 if (!make_addressRange(&aor, min, max, length))
642 return 0;
643 if (sk_IPAddressOrRange_push(aors, aor))
644 return 1;
645 IPAddressOrRange_free(aor);
646 return 0;
647}
648
649/*
650 * Extract min and max values from an IPAddressOrRange.
651 */
652static void extract_min_max(IPAddressOrRange *aor,
653 unsigned char *min,
654 unsigned char *max,
655 int length)
656{
657 assert(aor != NULL && min != NULL && max != NULL);
658 switch (aor->type) {
659 case IPAddressOrRange_addressPrefix:
660 addr_expand(min, aor->u.addressPrefix, length, 0x00);
661 addr_expand(max, aor->u.addressPrefix, length, 0xFF);
662 return;
663 case IPAddressOrRange_addressRange:
664 addr_expand(min, aor->u.addressRange->min, length, 0x00);
665 addr_expand(max, aor->u.addressRange->max, length, 0xFF);
666 return;
667 }
668}
669
670/*
671 * Public wrapper for extract_min_max().
672 */
673int v3_addr_get_range(IPAddressOrRange *aor,
674 const unsigned afi,
675 unsigned char *min,
676 unsigned char *max,
677 const int length)
678{
679 int afi_length = length_from_afi(afi);
680 if (aor == NULL || min == NULL || max == NULL ||
681 afi_length == 0 || length < afi_length ||
682 (aor->type != IPAddressOrRange_addressPrefix &&
683 aor->type != IPAddressOrRange_addressRange))
684 return 0;
685 extract_min_max(aor, min, max, afi_length);
686 return afi_length;
687}
688
689/*
690 * Sort comparision function for a sequence of IPAddressFamily.
691 *
692 * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
693 * the ordering: I can read it as meaning that IPv6 without a SAFI
694 * comes before IPv4 with a SAFI, which seems pretty weird. The
695 * examples in appendix B suggest that the author intended the
696 * null-SAFI rule to apply only within a single AFI, which is what I
697 * would have expected and is what the following code implements.
698 */
699static int IPAddressFamily_cmp(const IPAddressFamily * const *a_,
700 const IPAddressFamily * const *b_)
701{
702 const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
703 const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
704 int len = ((a->length <= b->length) ? a->length : b->length);
705 int cmp = memcmp(a->data, b->data, len);
706 return cmp ? cmp : a->length - b->length;
707}
708
709/*
710 * Check whether an IPAddrBLocks is in canonical form.
711 */
712int v3_addr_is_canonical(IPAddrBlocks *addr)
713{
714 unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
715 unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
716 IPAddressOrRanges *aors;
717 int i, j, k;
718
719 /*
720 * Empty extension is cannonical.
721 */
722 if (addr == NULL)
723 return 1;
724
725 /*
726 * Check whether the top-level list is in order.
727 */
728 for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
729 const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
730 const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
731 if (IPAddressFamily_cmp(&a, &b) >= 0)
732 return 0;
733 }
734
735 /*
736 * Top level's ok, now check each address family.
737 */
738 for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
739 IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
740 int length = length_from_afi(v3_addr_get_afi(f));
741
742 /*
743 * Inheritance is canonical. Anything other than inheritance or
744 * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
745 */
746 if (f == NULL || f->ipAddressChoice == NULL)
747 return 0;
748 switch (f->ipAddressChoice->type) {
749 case IPAddressChoice_inherit:
750 continue;
751 case IPAddressChoice_addressesOrRanges:
752 break;
753 default:
754 return 0;
755 }
756
757 /*
758 * It's an IPAddressOrRanges sequence, check it.
759 */
760 aors = f->ipAddressChoice->u.addressesOrRanges;
761 if (sk_IPAddressOrRange_num(aors) == 0)
762 return 0;
763 for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
764 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
765 IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
766
767 extract_min_max(a, a_min, a_max, length);
768 extract_min_max(b, b_min, b_max, length);
769
770 /*
771 * Punt misordered list, overlapping start, or inverted range.
772 */
773 if (memcmp(a_min, b_min, length) >= 0 ||
774 memcmp(a_min, a_max, length) > 0 ||
775 memcmp(b_min, b_max, length) > 0)
776 return 0;
777
778 /*
779 * Punt if adjacent or overlapping. Check for adjacency by
780 * subtracting one from b_min first.
781 */
782 for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--)
783 ;
784 if (memcmp(a_max, b_min, length) >= 0)
785 return 0;
786
787 /*
788 * Check for range that should be expressed as a prefix.
789 */
790 if (a->type == IPAddressOrRange_addressRange &&
791 range_should_be_prefix(a_min, a_max, length) >= 0)
792 return 0;
793 }
794
795 /*
796 * Check final range to see if it should be a prefix.
797 */
798 j = sk_IPAddressOrRange_num(aors) - 1;
799 {
800 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
801 if (a->type == IPAddressOrRange_addressRange) {
802 extract_min_max(a, a_min, a_max, length);
803 if (range_should_be_prefix(a_min, a_max, length) >= 0)
804 return 0;
805 }
806 }
807 }
808
809 /*
810 * If we made it through all that, we're happy.
811 */
812 return 1;
813}
814
815/*
816 * Whack an IPAddressOrRanges into canonical form.
817 */
818static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
819 const unsigned afi)
820{
821 int i, j, length = length_from_afi(afi);
822
823 /*
824 * Sort the IPAddressOrRanges sequence.
825 */
826 sk_IPAddressOrRange_sort(aors);
827
828 /*
829 * Clean up representation issues, punt on duplicates or overlaps.
830 */
831 for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
832 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
833 IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
834 unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
835 unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
836
837 extract_min_max(a, a_min, a_max, length);
838 extract_min_max(b, b_min, b_max, length);
839
840 /*
841 * Punt overlaps.
842 */
843 if (memcmp(a_max, b_min, length) >= 0)
844 return 0;
845
846 /*
847 * Merge if a and b are adjacent. We check for
848 * adjacency by subtracting one from b_min first.
849 */
850 for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--)
851 ;
852 if (memcmp(a_max, b_min, length) == 0) {
853 IPAddressOrRange *merged;
854 if (!make_addressRange(&merged, a_min, b_max, length))
855 return 0;
856 sk_IPAddressOrRange_set(aors, i, merged);
857 sk_IPAddressOrRange_delete(aors, i + 1);
858 IPAddressOrRange_free(a);
859 IPAddressOrRange_free(b);
860 --i;
861 continue;
862 }
863 }
864
865 return 1;
866}
867
868/*
869 * Whack an IPAddrBlocks extension into canonical form.
870 */
871int v3_addr_canonize(IPAddrBlocks *addr)
872{
873 int i;
874 for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
875 IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
876 if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
877 !IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges,
878 v3_addr_get_afi(f)))
879 return 0;
880 }
881 sk_IPAddressFamily_sort(addr);
882 assert(v3_addr_is_canonical(addr));
883 return 1;
884}
885
886/*
887 * v2i handler for the IPAddrBlocks extension.
888 */
889static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
890 struct v3_ext_ctx *ctx,
891 STACK_OF(CONF_VALUE) *values)
892{
893 static const char v4addr_chars[] = "0123456789.";
894 static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
895 IPAddrBlocks *addr = NULL;
896 char *s = NULL, *t;
897 int i;
898
899 if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
900 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
901 return NULL;
902 }
903
904 for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
905 CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
906 unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
907 unsigned afi, *safi = NULL, safi_;
908 const char *addr_chars;
909 int prefixlen, i1, i2, delim, length;
910
911 if ( !name_cmp(val->name, "IPv4")) {
912 afi = IANA_AFI_IPV4;
913 } else if (!name_cmp(val->name, "IPv6")) {
914 afi = IANA_AFI_IPV6;
915 } else if (!name_cmp(val->name, "IPv4-SAFI")) {
916 afi = IANA_AFI_IPV4;
917 safi = &safi_;
918 } else if (!name_cmp(val->name, "IPv6-SAFI")) {
919 afi = IANA_AFI_IPV6;
920 safi = &safi_;
921 } else {
922 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_NAME_ERROR);
923 X509V3_conf_err(val);
924 goto err;
925 }
926
927 switch (afi) {
928 case IANA_AFI_IPV4:
929 addr_chars = v4addr_chars;
930 break;
931 case IANA_AFI_IPV6:
932 addr_chars = v6addr_chars;
933 break;
934 }
935
936 length = length_from_afi(afi);
937
938 /*
939 * Handle SAFI, if any, and BUF_strdup() so we can null-terminate
940 * the other input values.
941 */
942 if (safi != NULL) {
943 *safi = strtoul(val->value, &t, 0);
944 t += strspn(t, " \t");
945 if (*safi > 0xFF || *t++ != ':') {
946 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
947 X509V3_conf_err(val);
948 goto err;
949 }
950 t += strspn(t, " \t");
951 s = BUF_strdup(t);
952 } else {
953 s = BUF_strdup(val->value);
954 }
955 if (s == NULL) {
956 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
957 goto err;
958 }
959
960 /*
961 * Check for inheritance. Not worth additional complexity to
962 * optimize this (seldom-used) case.
963 */
964 if (!strcmp(s, "inherit")) {
965 if (!v3_addr_add_inherit(addr, afi, safi)) {
966 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE);
967 X509V3_conf_err(val);
968 goto err;
969 }
970 OPENSSL_free(s);
971 s = NULL;
972 continue;
973 }
974
975 i1 = strspn(s, addr_chars);
976 i2 = i1 + strspn(s + i1, " \t");
977 delim = s[i2++];
978 s[i1] = '\0';
979
980 if (a2i_ipadd(min, s) != length) {
981 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
982 X509V3_conf_err(val);
983 goto err;
984 }
985
986 switch (delim) {
987 case '/':
988 prefixlen = (int) strtoul(s + i2, &t, 10);
989 if (t == s + i2 || *t != '\0') {
990 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
991 X509V3_conf_err(val);
992 goto err;
993 }
994 if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
995 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
996 goto err;
997 }
998 break;
999 case '-':
1000 i1 = i2 + strspn(s + i2, " \t");
1001 i2 = i1 + strspn(s + i1, addr_chars);
1002 if (i1 == i2 || s[i2] != '\0') {
1003 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
1004 X509V3_conf_err(val);
1005 goto err;
1006 }
1007 if (a2i_ipadd(max, s + i1) != length) {
1008 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
1009 X509V3_conf_err(val);
1010 goto err;
1011 }
1012 if (!v3_addr_add_range(addr, afi, safi, min, max)) {
1013 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
1014 goto err;
1015 }
1016 break;
1017 case '\0':
1018 if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
1019 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
1020 goto err;
1021 }
1022 break;
1023 default:
1024 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
1025 X509V3_conf_err(val);
1026 goto err;
1027 }
1028
1029 OPENSSL_free(s);
1030 s = NULL;
1031 }
1032
1033 /*
1034 * Canonize the result, then we're done.
1035 */
1036 if (!v3_addr_canonize(addr))
1037 goto err;
1038 return addr;
1039
1040 err:
1041 OPENSSL_free(s);
1042 sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
1043 return NULL;
1044}
1045
1046/*
1047 * OpenSSL dispatch
1048 */
1049const X509V3_EXT_METHOD v3_addr = {
1050 NID_sbgp_ipAddrBlock, /* nid */
1051 0, /* flags */
1052 ASN1_ITEM_ref(IPAddrBlocks), /* template */
1053 0, 0, 0, 0, /* old functions, ignored */
1054 0, /* i2s */
1055 0, /* s2i */
1056 0, /* i2v */
1057 v2i_IPAddrBlocks, /* v2i */
1058 i2r_IPAddrBlocks, /* i2r */
1059 0, /* r2i */
1060 NULL /* extension-specific data */
1061};
1062
1063/*
1064 * Figure out whether extension sues inheritance.
1065 */
1066int v3_addr_inherits(IPAddrBlocks *addr)
1067{
1068 int i;
1069 if (addr == NULL)
1070 return 0;
1071 for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
1072 IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
1073 if (f->ipAddressChoice->type == IPAddressChoice_inherit)
1074 return 1;
1075 }
1076 return 0;
1077}
1078
1079/*
1080 * Figure out whether parent contains child.
1081 */
1082static int addr_contains(IPAddressOrRanges *parent,
1083 IPAddressOrRanges *child,
1084 int length)
1085{
1086 unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
1087 unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
1088 int p, c;
1089
1090 if (child == NULL || parent == child)
1091 return 1;
1092 if (parent == NULL)
1093 return 0;
1094
1095 p = 0;
1096 for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
1097 extract_min_max(sk_IPAddressOrRange_value(child, c),
1098 c_min, c_max, length);
1099 for (;; p++) {
1100 if (p >= sk_IPAddressOrRange_num(parent))
1101 return 0;
1102 extract_min_max(sk_IPAddressOrRange_value(parent, p),
1103 p_min, p_max, length);
1104 if (memcmp(p_max, c_max, length) < 0)
1105 continue;
1106 if (memcmp(p_min, c_min, length) > 0)
1107 return 0;
1108 break;
1109 }
1110 }
1111
1112 return 1;
1113}
1114
1115/*
1116 * Test whether a is a subset of b.
1117 */
1118int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
1119{
1120 int i;
1121 if (a == NULL || a == b)
1122 return 1;
1123 if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
1124 return 0;
1125 sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
1126 for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
1127 IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
1128 int j = sk_IPAddressFamily_find(b, fa);
1129 IPAddressFamily *fb = sk_IPAddressFamily_value(b, j);
1130 if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
1131 fa->ipAddressChoice->u.addressesOrRanges,
1132 length_from_afi(v3_addr_get_afi(fb))))
1133 return 0;
1134 }
1135 return 1;
1136}
1137
1138/*
1139 * Validation error handling via callback.
1140 */
1141#define validation_err(_err_) \
1142 do { \
1143 if (ctx != NULL) { \
1144 ctx->error = _err_; \
1145 ctx->error_depth = i; \
1146 ctx->current_cert = x; \
1147 ret = ctx->verify_cb(0, ctx); \
1148 } else { \
1149 ret = 0; \
1150 } \
1151 if (!ret) \
1152 goto done; \
1153 } while (0)
1154
1155/*
1156 * Core code for RFC 3779 2.3 path validation.
1157 */
1158static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
1159 STACK_OF(X509) *chain,
1160 IPAddrBlocks *ext)
1161{
1162 IPAddrBlocks *child = NULL;
1163 int i, j, ret = 1;
1164 X509 *x = NULL;
1165
1166 assert(chain != NULL && sk_X509_num(chain) > 0);
1167 assert(ctx != NULL || ext != NULL);
1168 assert(ctx == NULL || ctx->verify_cb != NULL);
1169
1170 /*
1171 * Figure out where to start. If we don't have an extension to
1172 * check, we're done. Otherwise, check canonical form and
1173 * set up for walking up the chain.
1174 */
1175 if (ext != NULL) {
1176 i = -1;
1177 } else {
1178 i = 0;
1179 x = sk_X509_value(chain, i);
1180 assert(x != NULL);
1181 if ((ext = x->rfc3779_addr) == NULL)
1182 goto done;
1183 }
1184 if (!v3_addr_is_canonical(ext))
1185 validation_err(X509_V_ERR_INVALID_EXTENSION);
1186 sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
1187 if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
1188 X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
1189 ret = 0;
1190 goto done;
1191 }
1192
1193 /*
1194 * Now walk up the chain. No cert may list resources that its
1195 * parent doesn't list.
1196 */
1197 for (i++; i < sk_X509_num(chain); i++) {
1198 x = sk_X509_value(chain, i);
1199 assert(x != NULL);
1200 if (!v3_addr_is_canonical(x->rfc3779_addr))
1201 validation_err(X509_V_ERR_INVALID_EXTENSION);
1202 if (x->rfc3779_addr == NULL) {
1203 for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
1204 IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
1205 if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
1206 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
1207 break;
1208 }
1209 }
1210 continue;
1211 }
1212 sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
1213 for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
1214 IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
1215 int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
1216 IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k);
1217 if (fp == NULL) {
1218 if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
1219 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
1220 break;
1221 }
1222 continue;
1223 }
1224 if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
1225 if (fc->ipAddressChoice->type == IPAddressChoice_inherit ||
1226 addr_contains(fp->ipAddressChoice->u.addressesOrRanges,
1227 fc->ipAddressChoice->u.addressesOrRanges,
1228 length_from_afi(v3_addr_get_afi(fc))))
1229 sk_IPAddressFamily_set(child, j, fp);
1230 else
1231 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
1232 }
1233 }
1234 }
1235
1236 /*
1237 * Trust anchor can't inherit.
1238 */
1239 if (x->rfc3779_addr != NULL) {
1240 for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
1241 IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j);
1242 if (fp->ipAddressChoice->type == IPAddressChoice_inherit &&
1243 sk_IPAddressFamily_find(child, fp) >= 0)
1244 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
1245 }
1246 }
1247
1248 done:
1249 sk_IPAddressFamily_free(child);
1250 return ret;
1251}
1252
1253#undef validation_err
1254
1255/*
1256 * RFC 3779 2.3 path validation -- called from X509_verify_cert().
1257 */
1258int v3_addr_validate_path(X509_STORE_CTX *ctx)
1259{
1260 return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);
1261}
1262
1263/*
1264 * RFC 3779 2.3 path validation of an extension.
1265 * Test whether chain covers extension.
1266 */
1267int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
1268 IPAddrBlocks *ext,
1269 int allow_inheritance)
1270{
1271 if (ext == NULL)
1272 return 1;
1273 if (chain == NULL || sk_X509_num(chain) == 0)
1274 return 0;
1275 if (!allow_inheritance && v3_addr_inherits(ext))
1276 return 0;
1277 return v3_addr_validate_path_internal(NULL, chain, ext);
1278}
1279
1280#endif /* OPENSSL_NO_RFC3779 */
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
new file mode 100644
index 0000000000..97e686f97a
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -0,0 +1,190 @@
1/* v3_akey.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
67 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
68static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
70
71X509V3_EXT_METHOD v3_akey_id = {
72NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
730,0,0,0,
740,0,
75(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
76(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
770,0,
78NULL
79};
80
81static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
82 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
83{
84 char *tmp;
85 if(akeyid->keyid) {
86 tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
87 X509V3_add_value("keyid", tmp, &extlist);
88 OPENSSL_free(tmp);
89 }
90 if(akeyid->issuer)
91 extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
92 if(akeyid->serial) {
93 tmp = hex_to_string(akeyid->serial->data,
94 akeyid->serial->length);
95 X509V3_add_value("serial", tmp, &extlist);
96 OPENSSL_free(tmp);
97 }
98 return extlist;
99}
100
101/* Currently two options:
102 * keyid: use the issuers subject keyid, the value 'always' means its is
103 * an error if the issuer certificate doesn't have a key id.
104 * issuer: use the issuers cert issuer and serial number. The default is
105 * to only use this if keyid is not present. With the option 'always'
106 * this is always included.
107 */
108
109static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
110 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
111{
112char keyid=0, issuer=0;
113int i;
114CONF_VALUE *cnf;
115ASN1_OCTET_STRING *ikeyid = NULL;
116X509_NAME *isname = NULL;
117GENERAL_NAMES * gens = NULL;
118GENERAL_NAME *gen = NULL;
119ASN1_INTEGER *serial = NULL;
120X509_EXTENSION *ext;
121X509 *cert;
122AUTHORITY_KEYID *akeyid;
123for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
124 cnf = sk_CONF_VALUE_value(values, i);
125 if(!strcmp(cnf->name, "keyid")) {
126 keyid = 1;
127 if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
128 } else if(!strcmp(cnf->name, "issuer")) {
129 issuer = 1;
130 if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2;
131 } else {
132 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
133 ERR_add_error_data(2, "name=", cnf->name);
134 return NULL;
135 }
136}
137
138if(!ctx || !ctx->issuer_cert) {
139 if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
140 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
141 return NULL;
142}
143
144cert = ctx->issuer_cert;
145
146if(keyid) {
147 i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
148 if((i >= 0) && (ext = X509_get_ext(cert, i)))
149 ikeyid = X509V3_EXT_d2i(ext);
150 if(keyid==2 && !ikeyid) {
151 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
152 return NULL;
153 }
154}
155
156if((issuer && !ikeyid) || (issuer == 2)) {
157 isname = X509_NAME_dup(X509_get_issuer_name(cert));
158 serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
159 if(!isname || !serial) {
160 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
161 goto err;
162 }
163}
164
165if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
166
167if(isname) {
168 if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new())
169 || !sk_GENERAL_NAME_push(gens, gen)) {
170 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
171 goto err;
172 }
173 gen->type = GEN_DIRNAME;
174 gen->d.dirn = isname;
175}
176
177akeyid->issuer = gens;
178akeyid->serial = serial;
179akeyid->keyid = ikeyid;
180
181return akeyid;
182
183err:
184X509_NAME_free(isname);
185M_ASN1_INTEGER_free(serial);
186M_ASN1_OCTET_STRING_free(ikeyid);
187return NULL;
188
189}
190
diff --git a/src/lib/libcrypto/x509v3/v3_akeya.c b/src/lib/libcrypto/x509v3/v3_akeya.c
new file mode 100644
index 0000000000..2aafa26ba7
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_akeya.c
@@ -0,0 +1,72 @@
1/* v3_akey_asn1.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66ASN1_SEQUENCE(AUTHORITY_KEYID) = {
67 ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
68 ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
69 ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
70} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
71
72IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
new file mode 100644
index 0000000000..58b935a3b6
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -0,0 +1,458 @@
1/* v3_alt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/x509v3.h>
63
64static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
65static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
66static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
67static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
68X509V3_EXT_METHOD v3_alt[] = {
69{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
700,0,0,0,
710,0,
72(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
73(X509V3_EXT_V2I)v2i_subject_alt,
74NULL, NULL, NULL},
75
76{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
770,0,0,0,
780,0,
79(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
80(X509V3_EXT_V2I)v2i_issuer_alt,
81NULL, NULL, NULL},
82};
83
84STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
85 GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret)
86{
87 int i;
88 GENERAL_NAME *gen;
89 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
90 gen = sk_GENERAL_NAME_value(gens, i);
91 ret = i2v_GENERAL_NAME(method, gen, ret);
92 }
93 if(!ret) return sk_CONF_VALUE_new_null();
94 return ret;
95}
96
97STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
98 GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
99{
100 unsigned char *p;
101 char oline[256];
102 switch (gen->type)
103 {
104 case GEN_OTHERNAME:
105 X509V3_add_value("othername","<unsupported>", &ret);
106 break;
107
108 case GEN_X400:
109 X509V3_add_value("X400Name","<unsupported>", &ret);
110 break;
111
112 case GEN_EDIPARTY:
113 X509V3_add_value("EdiPartyName","<unsupported>", &ret);
114 break;
115
116 case GEN_EMAIL:
117 X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);
118 break;
119
120 case GEN_DNS:
121 X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);
122 break;
123
124 case GEN_URI:
125 X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);
126 break;
127
128 case GEN_DIRNAME:
129 X509_NAME_oneline(gen->d.dirn, oline, 256);
130 X509V3_add_value("DirName",oline, &ret);
131 break;
132
133 case GEN_IPADD:
134 p = gen->d.ip->data;
135 /* BUG: doesn't support IPV6 */
136 if(gen->d.ip->length != 4) {
137 X509V3_add_value("IP Address","<invalid>", &ret);
138 break;
139 }
140 BIO_snprintf(oline, sizeof oline,
141 "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
142 X509V3_add_value("IP Address",oline, &ret);
143 break;
144
145 case GEN_RID:
146 i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
147 X509V3_add_value("Registered ID",oline, &ret);
148 break;
149 }
150 return ret;
151}
152
153int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
154{
155 unsigned char *p;
156 switch (gen->type)
157 {
158 case GEN_OTHERNAME:
159 BIO_printf(out, "othername:<unsupported>");
160 break;
161
162 case GEN_X400:
163 BIO_printf(out, "X400Name:<unsupported>");
164 break;
165
166 case GEN_EDIPARTY:
167 /* Maybe fix this: it is supported now */
168 BIO_printf(out, "EdiPartyName:<unsupported>");
169 break;
170
171 case GEN_EMAIL:
172 BIO_printf(out, "email:%s",gen->d.ia5->data);
173 break;
174
175 case GEN_DNS:
176 BIO_printf(out, "DNS:%s",gen->d.ia5->data);
177 break;
178
179 case GEN_URI:
180 BIO_printf(out, "URI:%s",gen->d.ia5->data);
181 break;
182
183 case GEN_DIRNAME:
184 BIO_printf(out, "DirName: ");
185 X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
186 break;
187
188 case GEN_IPADD:
189 p = gen->d.ip->data;
190 /* BUG: doesn't support IPV6 */
191 if(gen->d.ip->length != 4) {
192 BIO_printf(out,"IP Address:<invalid>");
193 break;
194 }
195 BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
196 break;
197
198 case GEN_RID:
199 BIO_printf(out, "Registered ID");
200 i2a_ASN1_OBJECT(out, gen->d.rid);
201 break;
202 }
203 return 1;
204}
205
206static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
207 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
208{
209 GENERAL_NAMES *gens = NULL;
210 CONF_VALUE *cnf;
211 int i;
212 if(!(gens = sk_GENERAL_NAME_new_null())) {
213 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
214 return NULL;
215 }
216 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
217 cnf = sk_CONF_VALUE_value(nval, i);
218 if(!name_cmp(cnf->name, "issuer") && cnf->value &&
219 !strcmp(cnf->value, "copy")) {
220 if(!copy_issuer(ctx, gens)) goto err;
221 } else {
222 GENERAL_NAME *gen;
223 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
224 goto err;
225 sk_GENERAL_NAME_push(gens, gen);
226 }
227 }
228 return gens;
229 err:
230 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
231 return NULL;
232}
233
234/* Append subject altname of issuer to issuer alt name of subject */
235
236static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
237{
238 GENERAL_NAMES *ialt;
239 GENERAL_NAME *gen;
240 X509_EXTENSION *ext;
241 int i;
242 if(ctx && (ctx->flags == CTX_TEST)) return 1;
243 if(!ctx || !ctx->issuer_cert) {
244 X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);
245 goto err;
246 }
247 i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
248 if(i < 0) return 1;
249 if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
250 !(ialt = X509V3_EXT_d2i(ext)) ) {
251 X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);
252 goto err;
253 }
254
255 for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
256 gen = sk_GENERAL_NAME_value(ialt, i);
257 if(!sk_GENERAL_NAME_push(gens, gen)) {
258 X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);
259 goto err;
260 }
261 }
262 sk_GENERAL_NAME_free(ialt);
263
264 return 1;
265
266 err:
267 return 0;
268
269}
270
271static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
272 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
273{
274 GENERAL_NAMES *gens = NULL;
275 CONF_VALUE *cnf;
276 int i;
277 if(!(gens = sk_GENERAL_NAME_new_null())) {
278 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
279 return NULL;
280 }
281 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
282 cnf = sk_CONF_VALUE_value(nval, i);
283 if(!name_cmp(cnf->name, "email") && cnf->value &&
284 !strcmp(cnf->value, "copy")) {
285 if(!copy_email(ctx, gens, 0)) goto err;
286 } else if(!name_cmp(cnf->name, "email") && cnf->value &&
287 !strcmp(cnf->value, "move")) {
288 if(!copy_email(ctx, gens, 1)) goto err;
289 } else {
290 GENERAL_NAME *gen;
291 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
292 goto err;
293 sk_GENERAL_NAME_push(gens, gen);
294 }
295 }
296 return gens;
297 err:
298 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
299 return NULL;
300}
301
302/* Copy any email addresses in a certificate or request to
303 * GENERAL_NAMES
304 */
305
306static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
307{
308 X509_NAME *nm;
309 ASN1_IA5STRING *email = NULL;
310 X509_NAME_ENTRY *ne;
311 GENERAL_NAME *gen = NULL;
312 int i;
313 if(ctx->flags == CTX_TEST) return 1;
314 if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
315 X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
316 goto err;
317 }
318 /* Find the subject name */
319 if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);
320 else nm = X509_REQ_get_subject_name(ctx->subject_req);
321
322 /* Now add any email address(es) to STACK */
323 i = -1;
324 while((i = X509_NAME_get_index_by_NID(nm,
325 NID_pkcs9_emailAddress, i)) >= 0) {
326 ne = X509_NAME_get_entry(nm, i);
327 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
328 if (move_p)
329 {
330 X509_NAME_delete_entry(nm, i);
331 i--;
332 }
333 if(!email || !(gen = GENERAL_NAME_new())) {
334 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
335 goto err;
336 }
337 gen->d.ia5 = email;
338 email = NULL;
339 gen->type = GEN_EMAIL;
340 if(!sk_GENERAL_NAME_push(gens, gen)) {
341 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
342 goto err;
343 }
344 gen = NULL;
345 }
346
347
348 return 1;
349
350 err:
351 GENERAL_NAME_free(gen);
352 M_ASN1_IA5STRING_free(email);
353 return 0;
354
355}
356
357GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
358 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
359{
360 GENERAL_NAME *gen;
361 GENERAL_NAMES *gens = NULL;
362 CONF_VALUE *cnf;
363 int i;
364 if(!(gens = sk_GENERAL_NAME_new_null())) {
365 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
366 return NULL;
367 }
368 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
369 cnf = sk_CONF_VALUE_value(nval, i);
370 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;
371 sk_GENERAL_NAME_push(gens, gen);
372 }
373 return gens;
374 err:
375 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
376 return NULL;
377}
378
379GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
380 CONF_VALUE *cnf)
381{
382char is_string = 0;
383int type;
384GENERAL_NAME *gen = NULL;
385
386char *name, *value;
387
388name = cnf->name;
389value = cnf->value;
390
391if(!value) {
392 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
393 return NULL;
394}
395
396if(!(gen = GENERAL_NAME_new())) {
397 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
398 return NULL;
399}
400
401if(!name_cmp(name, "email")) {
402 is_string = 1;
403 type = GEN_EMAIL;
404} else if(!name_cmp(name, "URI")) {
405 is_string = 1;
406 type = GEN_URI;
407} else if(!name_cmp(name, "DNS")) {
408 is_string = 1;
409 type = GEN_DNS;
410} else if(!name_cmp(name, "RID")) {
411 ASN1_OBJECT *obj;
412 if(!(obj = OBJ_txt2obj(value,0))) {
413 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
414 ERR_add_error_data(2, "value=", value);
415 goto err;
416 }
417 gen->d.rid = obj;
418 type = GEN_RID;
419} else if(!name_cmp(name, "IP")) {
420 int i1,i2,i3,i4;
421 unsigned char ip[4];
422 if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) ||
423 (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) ||
424 (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) {
425 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
426 ERR_add_error_data(2, "value=", value);
427 goto err;
428 }
429 ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
430 if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
431 !ASN1_STRING_set(gen->d.ip, ip, 4)) {
432 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
433 goto err;
434 }
435 type = GEN_IPADD;
436} else {
437 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
438 ERR_add_error_data(2, "name=", name);
439 goto err;
440}
441
442if(is_string) {
443 if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
444 !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
445 strlen(value))) {
446 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
447 goto err;
448 }
449}
450
451gen->type = type;
452
453return gen;
454
455err:
456GENERAL_NAME_free(gen);
457return NULL;
458}
diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c
new file mode 100644
index 0000000000..271930f967
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_asid.c
@@ -0,0 +1,842 @@
1/*
2 * Contributed to the OpenSSL Project by the American Registry for
3 * Internet Numbers ("ARIN").
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 */
57
58/*
59 * Implementation of RFC 3779 section 3.2.
60 */
61
62#include <stdio.h>
63#include <string.h>
64#include <assert.h>
65#include "cryptlib.h"
66#include <openssl/conf.h>
67#include <openssl/asn1.h>
68#include <openssl/asn1t.h>
69#include <openssl/x509v3.h>
70#include <openssl/x509.h>
71#include <openssl/bn.h>
72
73#ifndef OPENSSL_NO_RFC3779
74
75/*
76 * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
77 */
78
79ASN1_SEQUENCE(ASRange) = {
80 ASN1_SIMPLE(ASRange, min, ASN1_INTEGER),
81 ASN1_SIMPLE(ASRange, max, ASN1_INTEGER)
82} ASN1_SEQUENCE_END(ASRange)
83
84ASN1_CHOICE(ASIdOrRange) = {
85 ASN1_SIMPLE(ASIdOrRange, u.id, ASN1_INTEGER),
86 ASN1_SIMPLE(ASIdOrRange, u.range, ASRange)
87} ASN1_CHOICE_END(ASIdOrRange)
88
89ASN1_CHOICE(ASIdentifierChoice) = {
90 ASN1_SIMPLE(ASIdentifierChoice, u.inherit, ASN1_NULL),
91 ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange)
92} ASN1_CHOICE_END(ASIdentifierChoice)
93
94ASN1_SEQUENCE(ASIdentifiers) = {
95 ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0),
96 ASN1_EXP_OPT(ASIdentifiers, rdi, ASIdentifierChoice, 1)
97} ASN1_SEQUENCE_END(ASIdentifiers)
98
99IMPLEMENT_ASN1_FUNCTIONS(ASRange)
100IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
101IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
102IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
103
104/*
105 * i2r method for an ASIdentifierChoice.
106 */
107static int i2r_ASIdentifierChoice(BIO *out,
108 ASIdentifierChoice *choice,
109 int indent,
110 const char *msg)
111{
112 int i;
113 char *s;
114 if (choice == NULL)
115 return 1;
116 BIO_printf(out, "%*s%s:\n", indent, "", msg);
117 switch (choice->type) {
118 case ASIdentifierChoice_inherit:
119 BIO_printf(out, "%*sinherit\n", indent + 2, "");
120 break;
121 case ASIdentifierChoice_asIdsOrRanges:
122 for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {
123 ASIdOrRange *aor = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
124 switch (aor->type) {
125 case ASIdOrRange_id:
126 if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)
127 return 0;
128 BIO_printf(out, "%*s%s\n", indent + 2, "", s);
129 OPENSSL_free(s);
130 break;
131 case ASIdOrRange_range:
132 if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL)
133 return 0;
134 BIO_printf(out, "%*s%s-", indent + 2, "", s);
135 OPENSSL_free(s);
136 if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL)
137 return 0;
138 BIO_printf(out, "%s\n", s);
139 OPENSSL_free(s);
140 break;
141 default:
142 return 0;
143 }
144 }
145 break;
146 default:
147 return 0;
148 }
149 return 1;
150}
151
152/*
153 * i2r method for an ASIdentifier extension.
154 */
155static int i2r_ASIdentifiers(X509V3_EXT_METHOD *method,
156 void *ext,
157 BIO *out,
158 int indent)
159{
160 ASIdentifiers *asid = ext;
161 return (i2r_ASIdentifierChoice(out, asid->asnum, indent,
162 "Autonomous System Numbers") &&
163 i2r_ASIdentifierChoice(out, asid->rdi, indent,
164 "Routing Domain Identifiers"));
165}
166
167/*
168 * Sort comparision function for a sequence of ASIdOrRange elements.
169 */
170static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
171 const ASIdOrRange * const *b_)
172{
173 const ASIdOrRange *a = *a_, *b = *b_;
174
175 assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
176 (a->type == ASIdOrRange_range && a->u.range != NULL &&
177 a->u.range->min != NULL && a->u.range->max != NULL));
178
179 assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
180 (b->type == ASIdOrRange_range && b->u.range != NULL &&
181 b->u.range->min != NULL && b->u.range->max != NULL));
182
183 if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
184 return ASN1_INTEGER_cmp(a->u.id, b->u.id);
185
186 if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) {
187 int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min);
188 return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, b->u.range->max);
189 }
190
191 if (a->type == ASIdOrRange_id)
192 return ASN1_INTEGER_cmp(a->u.id, b->u.range->min);
193 else
194 return ASN1_INTEGER_cmp(a->u.range->min, b->u.id);
195}
196
197/*
198 * Add an inherit element.
199 */
200int v3_asid_add_inherit(ASIdentifiers *asid, int which)
201{
202 ASIdentifierChoice **choice;
203 if (asid == NULL)
204 return 0;
205 switch (which) {
206 case V3_ASID_ASNUM:
207 choice = &asid->asnum;
208 break;
209 case V3_ASID_RDI:
210 choice = &asid->rdi;
211 break;
212 default:
213 return 0;
214 }
215 if (*choice == NULL) {
216 if ((*choice = ASIdentifierChoice_new()) == NULL)
217 return 0;
218 assert((*choice)->u.inherit == NULL);
219 if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
220 return 0;
221 (*choice)->type = ASIdentifierChoice_inherit;
222 }
223 return (*choice)->type == ASIdentifierChoice_inherit;
224}
225
226/*
227 * Add an ID or range to an ASIdentifierChoice.
228 */
229int v3_asid_add_id_or_range(ASIdentifiers *asid,
230 int which,
231 ASN1_INTEGER *min,
232 ASN1_INTEGER *max)
233{
234 ASIdentifierChoice **choice;
235 ASIdOrRange *aor;
236 if (asid == NULL)
237 return 0;
238 switch (which) {
239 case V3_ASID_ASNUM:
240 choice = &asid->asnum;
241 break;
242 case V3_ASID_RDI:
243 choice = &asid->rdi;
244 break;
245 default:
246 return 0;
247 }
248 if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
249 return 0;
250 if (*choice == NULL) {
251 if ((*choice = ASIdentifierChoice_new()) == NULL)
252 return 0;
253 assert((*choice)->u.asIdsOrRanges == NULL);
254 (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
255 if ((*choice)->u.asIdsOrRanges == NULL)
256 return 0;
257 (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
258 }
259 if ((aor = ASIdOrRange_new()) == NULL)
260 return 0;
261 if (max == NULL) {
262 aor->type = ASIdOrRange_id;
263 aor->u.id = min;
264 } else {
265 aor->type = ASIdOrRange_range;
266 if ((aor->u.range = ASRange_new()) == NULL)
267 goto err;
268 ASN1_INTEGER_free(aor->u.range->min);
269 aor->u.range->min = min;
270 ASN1_INTEGER_free(aor->u.range->max);
271 aor->u.range->max = max;
272 }
273 if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
274 goto err;
275 return 1;
276
277 err:
278 ASIdOrRange_free(aor);
279 return 0;
280}
281
282/*
283 * Extract min and max values from an ASIdOrRange.
284 */
285static void extract_min_max(ASIdOrRange *aor,
286 ASN1_INTEGER **min,
287 ASN1_INTEGER **max)
288{
289 assert(aor != NULL && min != NULL && max != NULL);
290 switch (aor->type) {
291 case ASIdOrRange_id:
292 *min = aor->u.id;
293 *max = aor->u.id;
294 return;
295 case ASIdOrRange_range:
296 *min = aor->u.range->min;
297 *max = aor->u.range->max;
298 return;
299 }
300}
301
302/*
303 * Check whether an ASIdentifierChoice is in canonical form.
304 */
305static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
306{
307 ASN1_INTEGER *a_max_plus_one = NULL;
308 BIGNUM *bn = NULL;
309 int i, ret = 0;
310
311 /*
312 * Empty element or inheritance is canonical.
313 */
314 if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
315 return 1;
316
317 /*
318 * If not a list, or if empty list, it's broken.
319 */
320 if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
321 sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)
322 return 0;
323
324 /*
325 * It's a list, check it.
326 */
327 for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
328 ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
329 ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
330 ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
331
332 extract_min_max(a, &a_min, &a_max);
333 extract_min_max(b, &b_min, &b_max);
334
335 /*
336 * Punt misordered list, overlapping start, or inverted range.
337 */
338 if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||
339 ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
340 ASN1_INTEGER_cmp(b_min, b_max) > 0)
341 goto done;
342
343 /*
344 * Calculate a_max + 1 to check for adjacency.
345 */
346 if ((bn == NULL && (bn = BN_new()) == NULL) ||
347 ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
348 !BN_add_word(bn, 1) ||
349 (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
350 X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
351 ERR_R_MALLOC_FAILURE);
352 goto done;
353 }
354
355 /*
356 * Punt if adjacent or overlapping.
357 */
358 if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)
359 goto done;
360 }
361
362 ret = 1;
363
364 done:
365 ASN1_INTEGER_free(a_max_plus_one);
366 BN_free(bn);
367 return ret;
368}
369
370/*
371 * Check whether an ASIdentifier extension is in canonical form.
372 */
373int v3_asid_is_canonical(ASIdentifiers *asid)
374{
375 return (asid == NULL ||
376 (ASIdentifierChoice_is_canonical(asid->asnum) ||
377 ASIdentifierChoice_is_canonical(asid->rdi)));
378}
379
380/*
381 * Whack an ASIdentifierChoice into canonical form.
382 */
383static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
384{
385 ASN1_INTEGER *a_max_plus_one = NULL;
386 BIGNUM *bn = NULL;
387 int i, ret = 0;
388
389 /*
390 * Nothing to do for empty element or inheritance.
391 */
392 if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
393 return 1;
394
395 /*
396 * We have a list. Sort it.
397 */
398 assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
399 sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
400
401 /*
402 * Now check for errors and suboptimal encoding, rejecting the
403 * former and fixing the latter.
404 */
405 for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
406 ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
407 ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
408 ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
409
410 extract_min_max(a, &a_min, &a_max);
411 extract_min_max(b, &b_min, &b_max);
412
413 /*
414 * Make sure we're properly sorted (paranoia).
415 */
416 assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
417
418 /*
419 * Check for overlaps.
420 */
421 if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
422 X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
423 X509V3_R_EXTENSION_VALUE_ERROR);
424 goto done;
425 }
426
427 /*
428 * Calculate a_max + 1 to check for adjacency.
429 */
430 if ((bn == NULL && (bn = BN_new()) == NULL) ||
431 ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
432 !BN_add_word(bn, 1) ||
433 (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
434 X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE);
435 goto done;
436 }
437
438 /*
439 * If a and b are adjacent, merge them.
440 */
441 if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {
442 ASRange *r;
443 switch (a->type) {
444 case ASIdOrRange_id:
445 if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) {
446 X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
447 ERR_R_MALLOC_FAILURE);
448 goto done;
449 }
450 r->min = a_min;
451 r->max = b_max;
452 a->type = ASIdOrRange_range;
453 a->u.range = r;
454 break;
455 case ASIdOrRange_range:
456 ASN1_INTEGER_free(a->u.range->max);
457 a->u.range->max = b_max;
458 break;
459 }
460 switch (b->type) {
461 case ASIdOrRange_id:
462 b->u.id = NULL;
463 break;
464 case ASIdOrRange_range:
465 b->u.range->max = NULL;
466 break;
467 }
468 ASIdOrRange_free(b);
469 sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
470 i--;
471 continue;
472 }
473 }
474
475 assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
476
477 ret = 1;
478
479 done:
480 ASN1_INTEGER_free(a_max_plus_one);
481 BN_free(bn);
482 return ret;
483}
484
485/*
486 * Whack an ASIdentifier extension into canonical form.
487 */
488int v3_asid_canonize(ASIdentifiers *asid)
489{
490 return (asid == NULL ||
491 (ASIdentifierChoice_canonize(asid->asnum) &&
492 ASIdentifierChoice_canonize(asid->rdi)));
493}
494
495/*
496 * v2i method for an ASIdentifier extension.
497 */
498static void *v2i_ASIdentifiers(struct v3_ext_method *method,
499 struct v3_ext_ctx *ctx,
500 STACK_OF(CONF_VALUE) *values)
501{
502 ASIdentifiers *asid = NULL;
503 int i;
504
505 if ((asid = ASIdentifiers_new()) == NULL) {
506 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
507 return NULL;
508 }
509
510 for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
511 CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
512 ASN1_INTEGER *min = NULL, *max = NULL;
513 int i1, i2, i3, is_range, which;
514
515 /*
516 * Figure out whether this is an AS or an RDI.
517 */
518 if ( !name_cmp(val->name, "AS")) {
519 which = V3_ASID_ASNUM;
520 } else if (!name_cmp(val->name, "RDI")) {
521 which = V3_ASID_RDI;
522 } else {
523 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_NAME_ERROR);
524 X509V3_conf_err(val);
525 goto err;
526 }
527
528 /*
529 * Handle inheritance.
530 */
531 if (!strcmp(val->value, "inherit")) {
532 if (v3_asid_add_inherit(asid, which))
533 continue;
534 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE);
535 X509V3_conf_err(val);
536 goto err;
537 }
538
539 /*
540 * Number, range, or mistake, pick it apart and figure out which.
541 */
542 i1 = strspn(val->value, "0123456789");
543 if (val->value[i1] == '\0') {
544 is_range = 0;
545 } else {
546 is_range = 1;
547 i2 = i1 + strspn(val->value + i1, " \t");
548 if (val->value[i2] != '-') {
549 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASNUMBER);
550 X509V3_conf_err(val);
551 goto err;
552 }
553 i2++;
554 i2 = i2 + strspn(val->value + i2, " \t");
555 i3 = i2 + strspn(val->value + i2, "0123456789");
556 if (val->value[i3] != '\0') {
557 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASRANGE);
558 X509V3_conf_err(val);
559 goto err;
560 }
561 }
562
563 /*
564 * Syntax is ok, read and add it.
565 */
566 if (!is_range) {
567 if (!X509V3_get_value_int(val, &min)) {
568 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
569 goto err;
570 }
571 } else {
572 char *s = BUF_strdup(val->value);
573 if (s == NULL) {
574 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
575 goto err;
576 }
577 s[i1] = '\0';
578 min = s2i_ASN1_INTEGER(NULL, s);
579 max = s2i_ASN1_INTEGER(NULL, s + i2);
580 OPENSSL_free(s);
581 if (min == NULL || max == NULL) {
582 ASN1_INTEGER_free(min);
583 ASN1_INTEGER_free(max);
584 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
585 goto err;
586 }
587 }
588 if (!v3_asid_add_id_or_range(asid, which, min, max)) {
589 ASN1_INTEGER_free(min);
590 ASN1_INTEGER_free(max);
591 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
592 goto err;
593 }
594 }
595
596 /*
597 * Canonize the result, then we're done.
598 */
599 if (!v3_asid_canonize(asid))
600 goto err;
601 return asid;
602
603 err:
604 ASIdentifiers_free(asid);
605 return NULL;
606}
607
608/*
609 * OpenSSL dispatch.
610 */
611const X509V3_EXT_METHOD v3_asid = {
612 NID_sbgp_autonomousSysNum, /* nid */
613 0, /* flags */
614 ASN1_ITEM_ref(ASIdentifiers), /* template */
615 0, 0, 0, 0, /* old functions, ignored */
616 0, /* i2s */
617 0, /* s2i */
618 0, /* i2v */
619 v2i_ASIdentifiers, /* v2i */
620 i2r_ASIdentifiers, /* i2r */
621 0, /* r2i */
622 NULL /* extension-specific data */
623};
624
625/*
626 * Figure out whether extension uses inheritance.
627 */
628int v3_asid_inherits(ASIdentifiers *asid)
629{
630 return (asid != NULL &&
631 ((asid->asnum != NULL &&
632 asid->asnum->type == ASIdentifierChoice_inherit) ||
633 (asid->rdi != NULL &&
634 asid->rdi->type == ASIdentifierChoice_inherit)));
635}
636
637/*
638 * Figure out whether parent contains child.
639 */
640static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
641{
642 ASN1_INTEGER *p_min, *p_max, *c_min, *c_max;
643 int p, c;
644
645 if (child == NULL || parent == child)
646 return 1;
647 if (parent == NULL)
648 return 0;
649
650 p = 0;
651 for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
652 extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max);
653 for (;; p++) {
654 if (p >= sk_ASIdOrRange_num(parent))
655 return 0;
656 extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max);
657 if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
658 continue;
659 if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
660 return 0;
661 break;
662 }
663 }
664
665 return 1;
666}
667
668/*
669 * Test whether a is a subet of b.
670 */
671int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
672{
673 return (a == NULL ||
674 a == b ||
675 (b != NULL &&
676 !v3_asid_inherits(a) &&
677 !v3_asid_inherits(b) &&
678 asid_contains(b->asnum->u.asIdsOrRanges,
679 a->asnum->u.asIdsOrRanges) &&
680 asid_contains(b->rdi->u.asIdsOrRanges,
681 a->rdi->u.asIdsOrRanges)));
682}
683
684/*
685 * Validation error handling via callback.
686 */
687#define validation_err(_err_) \
688 do { \
689 if (ctx != NULL) { \
690 ctx->error = _err_; \
691 ctx->error_depth = i; \
692 ctx->current_cert = x; \
693 ret = ctx->verify_cb(0, ctx); \
694 } else { \
695 ret = 0; \
696 } \
697 if (!ret) \
698 goto done; \
699 } while (0)
700
701/*
702 * Core code for RFC 3779 3.3 path validation.
703 */
704static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
705 STACK_OF(X509) *chain,
706 ASIdentifiers *ext)
707{
708 ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
709 int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
710 X509 *x = NULL;
711
712 assert(chain != NULL && sk_X509_num(chain) > 0);
713 assert(ctx != NULL || ext != NULL);
714 assert(ctx == NULL || ctx->verify_cb != NULL);
715
716 /*
717 * Figure out where to start. If we don't have an extension to
718 * check, we're done. Otherwise, check canonical form and
719 * set up for walking up the chain.
720 */
721 if (ext != NULL) {
722 i = -1;
723 } else {
724 i = 0;
725 x = sk_X509_value(chain, i);
726 assert(x != NULL);
727 if ((ext = x->rfc3779_asid) == NULL)
728 goto done;
729 }
730 if (!v3_asid_is_canonical(ext))
731 validation_err(X509_V_ERR_INVALID_EXTENSION);
732 if (ext->asnum != NULL) {
733 switch (ext->asnum->type) {
734 case ASIdentifierChoice_inherit:
735 inherit_as = 1;
736 break;
737 case ASIdentifierChoice_asIdsOrRanges:
738 child_as = ext->asnum->u.asIdsOrRanges;
739 break;
740 }
741 }
742 if (ext->rdi != NULL) {
743 switch (ext->rdi->type) {
744 case ASIdentifierChoice_inherit:
745 inherit_rdi = 1;
746 break;
747 case ASIdentifierChoice_asIdsOrRanges:
748 child_rdi = ext->rdi->u.asIdsOrRanges;
749 break;
750 }
751 }
752
753 /*
754 * Now walk up the chain. Extensions must be in canonical form, no
755 * cert may list resources that its parent doesn't list.
756 */
757 for (i++; i < sk_X509_num(chain); i++) {
758 x = sk_X509_value(chain, i);
759 assert(x != NULL);
760 if (x->rfc3779_asid == NULL) {
761 if (child_as != NULL || child_rdi != NULL)
762 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
763 continue;
764 }
765 if (!v3_asid_is_canonical(x->rfc3779_asid))
766 validation_err(X509_V_ERR_INVALID_EXTENSION);
767 if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
768 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
769 child_as = NULL;
770 inherit_as = 0;
771 }
772 if (x->rfc3779_asid->asnum != NULL &&
773 x->rfc3779_asid->asnum->type == ASIdentifierChoice_asIdsOrRanges) {
774 if (inherit_as ||
775 asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, child_as)) {
776 child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges;
777 inherit_as = 0;
778 } else {
779 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
780 }
781 }
782 if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) {
783 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
784 child_rdi = NULL;
785 inherit_rdi = 0;
786 }
787 if (x->rfc3779_asid->rdi != NULL &&
788 x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) {
789 if (inherit_rdi ||
790 asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, child_rdi)) {
791 child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges;
792 inherit_rdi = 0;
793 } else {
794 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
795 }
796 }
797 }
798
799 /*
800 * Trust anchor can't inherit.
801 */
802 if (x->rfc3779_asid != NULL) {
803 if (x->rfc3779_asid->asnum != NULL &&
804 x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
805 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
806 if (x->rfc3779_asid->rdi != NULL &&
807 x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit)
808 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
809 }
810
811 done:
812 return ret;
813}
814
815#undef validation_err
816
817/*
818 * RFC 3779 3.3 path validation -- called from X509_verify_cert().
819 */
820int v3_asid_validate_path(X509_STORE_CTX *ctx)
821{
822 return v3_asid_validate_path_internal(ctx, ctx->chain, NULL);
823}
824
825/*
826 * RFC 3779 3.3 path validation of an extension.
827 * Test whether chain covers extension.
828 */
829int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
830 ASIdentifiers *ext,
831 int allow_inheritance)
832{
833 if (ext == NULL)
834 return 1;
835 if (chain == NULL || sk_X509_num(chain) == 0)
836 return 0;
837 if (!allow_inheritance && v3_asid_inherits(ext))
838 return 0;
839 return v3_asid_validate_path_internal(NULL, chain, ext);
840}
841
842#endif /* OPENSSL_NO_RFC3779 */
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c
new file mode 100644
index 0000000000..cbb012715e
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_bcons.c
@@ -0,0 +1,124 @@
1/* v3_bcons.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66
67static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
68static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
69
70X509V3_EXT_METHOD v3_bcons = {
71NID_basic_constraints, 0,
72ASN1_ITEM_ref(BASIC_CONSTRAINTS),
730,0,0,0,
740,0,
75(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
76(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
77NULL,NULL,
78NULL
79};
80
81ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
82 ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
83 ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
84} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
85
86IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
87
88
89static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
90 BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
91{
92 X509V3_add_value_bool("CA", bcons->ca, &extlist);
93 X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
94 return extlist;
95}
96
97static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
98 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
99{
100 BASIC_CONSTRAINTS *bcons=NULL;
101 CONF_VALUE *val;
102 int i;
103 if(!(bcons = BASIC_CONSTRAINTS_new())) {
104 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
105 return NULL;
106 }
107 for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
108 val = sk_CONF_VALUE_value(values, i);
109 if(!strcmp(val->name, "CA")) {
110 if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
111 } else if(!strcmp(val->name, "pathlen")) {
112 if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
113 } else {
114 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
115 X509V3_conf_err(val);
116 goto err;
117 }
118 }
119 return bcons;
120 err:
121 BASIC_CONSTRAINTS_free(bcons);
122 return NULL;
123}
124
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c
new file mode 100644
index 0000000000..274965306d
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_bitst.c
@@ -0,0 +1,147 @@
1/* v3_bitst.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/x509v3.h>
63
64static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
65 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
66static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
67 ASN1_BIT_STRING *bits,
68 STACK_OF(CONF_VALUE) *extlist);
69
70static BIT_STRING_BITNAME ns_cert_type_table[] = {
71{0, "SSL Client", "client"},
72{1, "SSL Server", "server"},
73{2, "S/MIME", "email"},
74{3, "Object Signing", "objsign"},
75{4, "Unused", "reserved"},
76{5, "SSL CA", "sslCA"},
77{6, "S/MIME CA", "emailCA"},
78{7, "Object Signing CA", "objCA"},
79{-1, NULL, NULL}
80};
81
82static BIT_STRING_BITNAME key_usage_type_table[] = {
83{0, "Digital Signature", "digitalSignature"},
84{1, "Non Repudiation", "nonRepudiation"},
85{2, "Key Encipherment", "keyEncipherment"},
86{3, "Data Encipherment", "dataEncipherment"},
87{4, "Key Agreement", "keyAgreement"},
88{5, "Certificate Sign", "keyCertSign"},
89{6, "CRL Sign", "cRLSign"},
90{7, "Encipher Only", "encipherOnly"},
91{8, "Decipher Only", "decipherOnly"},
92{-1, NULL, NULL}
93};
94
95
96
97X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
98X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
99
100static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
101 ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
102{
103 BIT_STRING_BITNAME *bnam;
104 for(bnam =method->usr_data; bnam->lname; bnam++) {
105 if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
106 X509V3_add_value(bnam->lname, NULL, &ret);
107 }
108 return ret;
109}
110
111static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
112 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
113{
114 CONF_VALUE *val;
115 ASN1_BIT_STRING *bs;
116 int i;
117 BIT_STRING_BITNAME *bnam;
118 if(!(bs = M_ASN1_BIT_STRING_new())) {
119 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
120 return NULL;
121 }
122 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
123 val = sk_CONF_VALUE_value(nval, i);
124 for(bnam = method->usr_data; bnam->lname; bnam++) {
125 if(!strcmp(bnam->sname, val->name) ||
126 !strcmp(bnam->lname, val->name) ) {
127 if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
128 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
129 ERR_R_MALLOC_FAILURE);
130 M_ASN1_BIT_STRING_free(bs);
131 return NULL;
132 }
133 break;
134 }
135 }
136 if(!bnam->lname) {
137 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
138 X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
139 X509V3_conf_err(val);
140 M_ASN1_BIT_STRING_free(bs);
141 return NULL;
142 }
143 }
144 return bs;
145}
146
147
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
new file mode 100644
index 0000000000..1284d5aaa5
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -0,0 +1,485 @@
1/* v3_conf.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* extension creation utilities */
59
60
61
62#include <stdio.h>
63#include <ctype.h>
64#include "cryptlib.h"
65#include <openssl/conf.h>
66#include <openssl/x509.h>
67#include <openssl/x509v3.h>
68
69static int v3_check_critical(char **value);
70static int v3_check_generic(char **value);
71static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
72static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
73static char *conf_lhash_get_string(void *db, char *section, char *value);
74static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
75static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
76 int crit, void *ext_struc);
77/* CONF *conf: Config file */
78/* char *name: Name */
79/* char *value: Value */
80X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
81 char *value)
82 {
83 int crit;
84 int ext_type;
85 X509_EXTENSION *ret;
86 crit = v3_check_critical(&value);
87 if ((ext_type = v3_check_generic(&value)))
88 return v3_generic_extension(name, value, crit, ext_type);
89 ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
90 if (!ret)
91 {
92 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
93 ERR_add_error_data(4,"name=", name, ", value=", value);
94 }
95 return ret;
96 }
97
98/* CONF *conf: Config file */
99/* char *value: Value */
100X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
101 char *value)
102 {
103 int crit;
104 int ext_type;
105 crit = v3_check_critical(&value);
106 if ((ext_type = v3_check_generic(&value)))
107 return v3_generic_extension(OBJ_nid2sn(ext_nid),
108 value, crit, ext_type);
109 return do_ext_nconf(conf, ctx, ext_nid, crit, value);
110 }
111
112/* CONF *conf: Config file */
113/* char *value: Value */
114static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
115 int crit, char *value)
116 {
117 X509V3_EXT_METHOD *method;
118 X509_EXTENSION *ext;
119 STACK_OF(CONF_VALUE) *nval;
120 void *ext_struc;
121 if (ext_nid == NID_undef)
122 {
123 X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
124 return NULL;
125 }
126 if (!(method = X509V3_EXT_get_nid(ext_nid)))
127 {
128 X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
129 return NULL;
130 }
131 /* Now get internal extension representation based on type */
132 if (method->v2i)
133 {
134 if(*value == '@') nval = NCONF_get_section(conf, value + 1);
135 else nval = X509V3_parse_list(value);
136 if(!nval)
137 {
138 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
139 ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
140 return NULL;
141 }
142 ext_struc = method->v2i(method, ctx, nval);
143 if(*value != '@') sk_CONF_VALUE_pop_free(nval,
144 X509V3_conf_free);
145 if(!ext_struc) return NULL;
146 }
147 else if(method->s2i)
148 {
149 if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
150 }
151 else if(method->r2i)
152 {
153 if(!ctx->db)
154 {
155 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
156 return NULL;
157 }
158 if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
159 }
160 else
161 {
162 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
163 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
164 return NULL;
165 }
166
167 ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
168 if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
169 else method->ext_free(ext_struc);
170 return ext;
171
172 }
173
174static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
175 int crit, void *ext_struc)
176 {
177 unsigned char *ext_der;
178 int ext_len;
179 ASN1_OCTET_STRING *ext_oct;
180 X509_EXTENSION *ext;
181 /* Convert internal representation to DER */
182 if (method->it)
183 {
184 ext_der = NULL;
185 ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
186 if (ext_len < 0) goto merr;
187 }
188 else
189 {
190 unsigned char *p;
191 ext_len = method->i2d(ext_struc, NULL);
192 if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
193 p = ext_der;
194 method->i2d(ext_struc, &p);
195 }
196 if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
197 ext_oct->data = ext_der;
198 ext_oct->length = ext_len;
199
200 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
201 if (!ext) goto merr;
202 M_ASN1_OCTET_STRING_free(ext_oct);
203
204 return ext;
205
206 merr:
207 X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
208 return NULL;
209
210 }
211
212/* Given an internal structure, nid and critical flag create an extension */
213
214X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
215 {
216 X509V3_EXT_METHOD *method;
217 if (!(method = X509V3_EXT_get_nid(ext_nid))) {
218 X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
219 return NULL;
220 }
221 return do_ext_i2d(method, ext_nid, crit, ext_struc);
222}
223
224/* Check the extension string for critical flag */
225static int v3_check_critical(char **value)
226{
227 char *p = *value;
228 if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
229 p+=9;
230 while(isspace((unsigned char)*p)) p++;
231 *value = p;
232 return 1;
233}
234
235/* Check extension string for generic extension and return the type */
236static int v3_check_generic(char **value)
237{
238 char *p = *value;
239 if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0;
240 p+=4;
241 while (isspace((unsigned char)*p)) p++;
242 *value = p;
243 return 1;
244}
245
246/* Create a generic extension: for now just handle DER type */
247static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
248 int crit, int type)
249 {
250 unsigned char *ext_der=NULL;
251 long ext_len;
252 ASN1_OBJECT *obj=NULL;
253 ASN1_OCTET_STRING *oct=NULL;
254 X509_EXTENSION *extension=NULL;
255 if (!(obj = OBJ_txt2obj(ext, 0)))
256 {
257 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
258 ERR_add_error_data(2, "name=", ext);
259 goto err;
260 }
261
262 if (!(ext_der = string_to_hex(value, &ext_len)))
263 {
264 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
265 ERR_add_error_data(2, "value=", value);
266 goto err;
267 }
268
269 if (!(oct = M_ASN1_OCTET_STRING_new()))
270 {
271 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
272 goto err;
273 }
274
275 oct->data = ext_der;
276 oct->length = ext_len;
277 ext_der = NULL;
278
279 extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
280
281 err:
282 ASN1_OBJECT_free(obj);
283 M_ASN1_OCTET_STRING_free(oct);
284 if(ext_der) OPENSSL_free(ext_der);
285 return extension;
286
287 }
288
289
290/* This is the main function: add a bunch of extensions based on a config file
291 * section to an extension STACK.
292 */
293
294
295int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
296 STACK_OF(X509_EXTENSION) **sk)
297 {
298 X509_EXTENSION *ext;
299 STACK_OF(CONF_VALUE) *nval;
300 CONF_VALUE *val;
301 int i;
302 if (!(nval = NCONF_get_section(conf, section))) return 0;
303 for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
304 {
305 val = sk_CONF_VALUE_value(nval, i);
306 if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
307 return 0;
308 if (sk) X509v3_add_ext(sk, ext, -1);
309 X509_EXTENSION_free(ext);
310 }
311 return 1;
312 }
313
314/* Convenience functions to add extensions to a certificate, CRL and request */
315
316int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
317 X509 *cert)
318 {
319 STACK_OF(X509_EXTENSION) **sk = NULL;
320 if (cert)
321 sk = &cert->cert_info->extensions;
322 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
323 }
324
325/* Same as above but for a CRL */
326
327int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
328 X509_CRL *crl)
329 {
330 STACK_OF(X509_EXTENSION) **sk = NULL;
331 if (crl)
332 sk = &crl->crl->extensions;
333 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
334 }
335
336/* Add extensions to certificate request */
337
338int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
339 X509_REQ *req)
340 {
341 STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
342 int i;
343 if (req)
344 sk = &extlist;
345 i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
346 if (!i || !sk)
347 return i;
348 i = X509_REQ_add_extensions(req, extlist);
349 sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
350 return i;
351 }
352
353/* Config database functions */
354
355char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
356 {
357 if (ctx->db_meth->get_string)
358 return ctx->db_meth->get_string(ctx->db, name, section);
359 return NULL;
360 }
361
362STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
363 {
364 if (ctx->db_meth->get_section)
365 return ctx->db_meth->get_section(ctx->db, section);
366 return NULL;
367 }
368
369void X509V3_string_free(X509V3_CTX *ctx, char *str)
370 {
371 if (!str) return;
372 if (ctx->db_meth->free_string)
373 ctx->db_meth->free_string(ctx->db, str);
374 }
375
376void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
377 {
378 if (!section) return;
379 if (ctx->db_meth->free_section)
380 ctx->db_meth->free_section(ctx->db, section);
381 }
382
383static char *nconf_get_string(void *db, char *section, char *value)
384 {
385 return NCONF_get_string(db, section, value);
386 }
387
388static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
389 {
390 return NCONF_get_section(db, section);
391 }
392
393static X509V3_CONF_METHOD nconf_method = {
394nconf_get_string,
395nconf_get_section,
396NULL,
397NULL
398};
399
400void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
401 {
402 ctx->db_meth = &nconf_method;
403 ctx->db = conf;
404 }
405
406void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
407 X509_CRL *crl, int flags)
408 {
409 ctx->issuer_cert = issuer;
410 ctx->subject_cert = subj;
411 ctx->crl = crl;
412 ctx->subject_req = req;
413 ctx->flags = flags;
414 }
415
416/* Old conf compatibility functions */
417
418X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
419 char *value)
420 {
421 CONF ctmp;
422 CONF_set_nconf(&ctmp, conf);
423 return X509V3_EXT_nconf(&ctmp, ctx, name, value);
424 }
425
426/* LHASH *conf: Config file */
427/* char *value: Value */
428X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
429 char *value)
430 {
431 CONF ctmp;
432 CONF_set_nconf(&ctmp, conf);
433 return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
434 }
435
436static char *conf_lhash_get_string(void *db, char *section, char *value)
437 {
438 return CONF_get_string(db, section, value);
439 }
440
441static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
442 {
443 return CONF_get_section(db, section);
444 }
445
446static X509V3_CONF_METHOD conf_lhash_method = {
447conf_lhash_get_string,
448conf_lhash_get_section,
449NULL,
450NULL
451};
452
453void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
454 {
455 ctx->db_meth = &conf_lhash_method;
456 ctx->db = lhash;
457 }
458
459int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
460 X509 *cert)
461 {
462 CONF ctmp;
463 CONF_set_nconf(&ctmp, conf);
464 return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
465 }
466
467/* Same as above but for a CRL */
468
469int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
470 X509_CRL *crl)
471 {
472 CONF ctmp;
473 CONF_set_nconf(&ctmp, conf);
474 return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
475 }
476
477/* Add extensions to certificate request */
478
479int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
480 X509_REQ *req)
481 {
482 CONF ctmp;
483 CONF_set_nconf(&ctmp, conf);
484 return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
485 }
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
new file mode 100644
index 0000000000..867525f336
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -0,0 +1,431 @@
1/* v3_cpols.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66/* Certificate policies extension support: this one is a bit complex... */
67
68static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
69static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
70static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
71static void print_notice(BIO *out, USERNOTICE *notice, int indent);
72static POLICYINFO *policy_section(X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
74static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
75 STACK_OF(CONF_VALUE) *unot, int ia5org);
76static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
77
78X509V3_EXT_METHOD v3_cpols = {
79NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
800,0,0,0,
810,0,
820,0,
83(X509V3_EXT_I2R)i2r_certpol,
84(X509V3_EXT_R2I)r2i_certpol,
85NULL
86};
87
88ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
89 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
90ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
91
92IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
93
94ASN1_SEQUENCE(POLICYINFO) = {
95 ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
96 ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
97} ASN1_SEQUENCE_END(POLICYINFO)
98
99IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
100
101ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
102
103ASN1_ADB(POLICYQUALINFO) = {
104 ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
105 ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
106} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
107
108ASN1_SEQUENCE(POLICYQUALINFO) = {
109 ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
110 ASN1_ADB_OBJECT(POLICYQUALINFO)
111} ASN1_SEQUENCE_END(POLICYQUALINFO)
112
113IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
114
115ASN1_SEQUENCE(USERNOTICE) = {
116 ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
117 ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
118} ASN1_SEQUENCE_END(USERNOTICE)
119
120IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
121
122ASN1_SEQUENCE(NOTICEREF) = {
123 ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
124 ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
125} ASN1_SEQUENCE_END(NOTICEREF)
126
127IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
128
129static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
130 X509V3_CTX *ctx, char *value)
131{
132 STACK_OF(POLICYINFO) *pols = NULL;
133 char *pstr;
134 POLICYINFO *pol;
135 ASN1_OBJECT *pobj;
136 STACK_OF(CONF_VALUE) *vals;
137 CONF_VALUE *cnf;
138 int i, ia5org;
139 pols = sk_POLICYINFO_new_null();
140 if (pols == NULL) {
141 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
142 return NULL;
143 }
144 vals = X509V3_parse_list(value);
145 if (vals == NULL) {
146 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
147 goto err;
148 }
149 ia5org = 0;
150 for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
151 cnf = sk_CONF_VALUE_value(vals, i);
152 if(cnf->value || !cnf->name ) {
153 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
154 X509V3_conf_err(cnf);
155 goto err;
156 }
157 pstr = cnf->name;
158 if(!strcmp(pstr,"ia5org")) {
159 ia5org = 1;
160 continue;
161 } else if(*pstr == '@') {
162 STACK_OF(CONF_VALUE) *polsect;
163 polsect = X509V3_get_section(ctx, pstr + 1);
164 if(!polsect) {
165 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
166
167 X509V3_conf_err(cnf);
168 goto err;
169 }
170 pol = policy_section(ctx, polsect, ia5org);
171 X509V3_section_free(ctx, polsect);
172 if(!pol) goto err;
173 } else {
174 if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
175 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
176 X509V3_conf_err(cnf);
177 goto err;
178 }
179 pol = POLICYINFO_new();
180 pol->policyid = pobj;
181 }
182 sk_POLICYINFO_push(pols, pol);
183 }
184 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
185 return pols;
186 err:
187 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
188 sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
189 return NULL;
190}
191
192static POLICYINFO *policy_section(X509V3_CTX *ctx,
193 STACK_OF(CONF_VALUE) *polstrs, int ia5org)
194{
195 int i;
196 CONF_VALUE *cnf;
197 POLICYINFO *pol;
198 POLICYQUALINFO *qual;
199 if(!(pol = POLICYINFO_new())) goto merr;
200 for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
201 cnf = sk_CONF_VALUE_value(polstrs, i);
202 if(!strcmp(cnf->name, "policyIdentifier")) {
203 ASN1_OBJECT *pobj;
204 if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
205 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
206 X509V3_conf_err(cnf);
207 goto err;
208 }
209 pol->policyid = pobj;
210
211 } else if(!name_cmp(cnf->name, "CPS")) {
212 if(!pol->qualifiers) pol->qualifiers =
213 sk_POLICYQUALINFO_new_null();
214 if(!(qual = POLICYQUALINFO_new())) goto merr;
215 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
216 goto merr;
217 qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
218 qual->d.cpsuri = M_ASN1_IA5STRING_new();
219 if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
220 strlen(cnf->value))) goto merr;
221 } else if(!name_cmp(cnf->name, "userNotice")) {
222 STACK_OF(CONF_VALUE) *unot;
223 if(*cnf->value != '@') {
224 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
225 X509V3_conf_err(cnf);
226 goto err;
227 }
228 unot = X509V3_get_section(ctx, cnf->value + 1);
229 if(!unot) {
230 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
231
232 X509V3_conf_err(cnf);
233 goto err;
234 }
235 qual = notice_section(ctx, unot, ia5org);
236 X509V3_section_free(ctx, unot);
237 if(!qual) goto err;
238 if(!pol->qualifiers) pol->qualifiers =
239 sk_POLICYQUALINFO_new_null();
240 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
241 goto merr;
242 } else {
243 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
244
245 X509V3_conf_err(cnf);
246 goto err;
247 }
248 }
249 if(!pol->policyid) {
250 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
251 goto err;
252 }
253
254 return pol;
255
256 merr:
257 X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
258
259 err:
260 POLICYINFO_free(pol);
261 return NULL;
262
263
264}
265
266static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
267 STACK_OF(CONF_VALUE) *unot, int ia5org)
268{
269 int i, ret;
270 CONF_VALUE *cnf;
271 USERNOTICE *not;
272 POLICYQUALINFO *qual;
273 if(!(qual = POLICYQUALINFO_new())) goto merr;
274 qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
275 if(!(not = USERNOTICE_new())) goto merr;
276 qual->d.usernotice = not;
277 for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
278 cnf = sk_CONF_VALUE_value(unot, i);
279 if(!strcmp(cnf->name, "explicitText")) {
280 not->exptext = M_ASN1_VISIBLESTRING_new();
281 if(!ASN1_STRING_set(not->exptext, cnf->value,
282 strlen(cnf->value))) goto merr;
283 } else if(!strcmp(cnf->name, "organization")) {
284 NOTICEREF *nref;
285 if(!not->noticeref) {
286 if(!(nref = NOTICEREF_new())) goto merr;
287 not->noticeref = nref;
288 } else nref = not->noticeref;
289 if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
290 else nref->organization->type = V_ASN1_VISIBLESTRING;
291 if(!ASN1_STRING_set(nref->organization, cnf->value,
292 strlen(cnf->value))) goto merr;
293 } else if(!strcmp(cnf->name, "noticeNumbers")) {
294 NOTICEREF *nref;
295 STACK_OF(CONF_VALUE) *nos;
296 if(!not->noticeref) {
297 if(!(nref = NOTICEREF_new())) goto merr;
298 not->noticeref = nref;
299 } else nref = not->noticeref;
300 nos = X509V3_parse_list(cnf->value);
301 if(!nos || !sk_CONF_VALUE_num(nos)) {
302 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
303 X509V3_conf_err(cnf);
304 goto err;
305 }
306 ret = nref_nos(nref->noticenos, nos);
307 sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
308 if (!ret)
309 goto err;
310 } else {
311 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
312 X509V3_conf_err(cnf);
313 goto err;
314 }
315 }
316
317 if(not->noticeref &&
318 (!not->noticeref->noticenos || !not->noticeref->organization)) {
319 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
320 goto err;
321 }
322
323 return qual;
324
325 merr:
326 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
327
328 err:
329 POLICYQUALINFO_free(qual);
330 return NULL;
331}
332
333static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
334{
335 CONF_VALUE *cnf;
336 ASN1_INTEGER *aint;
337
338 int i;
339
340 for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
341 cnf = sk_CONF_VALUE_value(nos, i);
342 if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
343 X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
344 goto err;
345 }
346 if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
347 }
348 return 1;
349
350 merr:
351 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
352
353 err:
354 sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
355 return 0;
356}
357
358
359static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
360 BIO *out, int indent)
361{
362 int i;
363 POLICYINFO *pinfo;
364 /* First print out the policy OIDs */
365 for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
366 pinfo = sk_POLICYINFO_value(pol, i);
367 BIO_printf(out, "%*sPolicy: ", indent, "");
368 i2a_ASN1_OBJECT(out, pinfo->policyid);
369 BIO_puts(out, "\n");
370 if(pinfo->qualifiers)
371 print_qualifiers(out, pinfo->qualifiers, indent + 2);
372 }
373 return 1;
374}
375
376static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
377 int indent)
378{
379 POLICYQUALINFO *qualinfo;
380 int i;
381 for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
382 qualinfo = sk_POLICYQUALINFO_value(quals, i);
383 switch(OBJ_obj2nid(qualinfo->pqualid))
384 {
385 case NID_id_qt_cps:
386 BIO_printf(out, "%*sCPS: %s\n", indent, "",
387 qualinfo->d.cpsuri->data);
388 break;
389
390 case NID_id_qt_unotice:
391 BIO_printf(out, "%*sUser Notice:\n", indent, "");
392 print_notice(out, qualinfo->d.usernotice, indent + 2);
393 break;
394
395 default:
396 BIO_printf(out, "%*sUnknown Qualifier: ",
397 indent + 2, "");
398
399 i2a_ASN1_OBJECT(out, qualinfo->pqualid);
400 BIO_puts(out, "\n");
401 break;
402 }
403 }
404}
405
406static void print_notice(BIO *out, USERNOTICE *notice, int indent)
407{
408 int i;
409 if(notice->noticeref) {
410 NOTICEREF *ref;
411 ref = notice->noticeref;
412 BIO_printf(out, "%*sOrganization: %s\n", indent, "",
413 ref->organization->data);
414 BIO_printf(out, "%*sNumber%s: ", indent, "",
415 sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
416 for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
417 ASN1_INTEGER *num;
418 char *tmp;
419 num = sk_ASN1_INTEGER_value(ref->noticenos, i);
420 if(i) BIO_puts(out, ", ");
421 tmp = i2s_ASN1_INTEGER(NULL, num);
422 BIO_puts(out, tmp);
423 OPENSSL_free(tmp);
424 }
425 BIO_puts(out, "\n");
426 }
427 if(notice->exptext)
428 BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
429 notice->exptext->data);
430}
431
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
new file mode 100644
index 0000000000..f90829c574
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -0,0 +1,162 @@
1/* v3_crld.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
67 STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
68static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
70
71X509V3_EXT_METHOD v3_crld = {
72NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
730,0,0,0,
740,0,
75(X509V3_EXT_I2V)i2v_crld,
76(X509V3_EXT_V2I)v2i_crld,
770,0,
78NULL
79};
80
81static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
82 STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
83{
84 DIST_POINT *point;
85 int i;
86 for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
87 point = sk_DIST_POINT_value(crld, i);
88 if(point->distpoint) {
89 if(point->distpoint->type == 0)
90 exts = i2v_GENERAL_NAMES(NULL,
91 point->distpoint->name.fullname, exts);
92 else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
93 }
94 if(point->reasons)
95 X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
96 if(point->CRLissuer)
97 X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
98 }
99 return exts;
100}
101
102static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
103 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
104{
105 STACK_OF(DIST_POINT) *crld = NULL;
106 GENERAL_NAMES *gens = NULL;
107 GENERAL_NAME *gen = NULL;
108 CONF_VALUE *cnf;
109 int i;
110 if(!(crld = sk_DIST_POINT_new_null())) goto merr;
111 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
112 DIST_POINT *point;
113 cnf = sk_CONF_VALUE_value(nval, i);
114 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;
115 if(!(gens = GENERAL_NAMES_new())) goto merr;
116 if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
117 gen = NULL;
118 if(!(point = DIST_POINT_new())) goto merr;
119 if(!sk_DIST_POINT_push(crld, point)) {
120 DIST_POINT_free(point);
121 goto merr;
122 }
123 if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
124 point->distpoint->name.fullname = gens;
125 point->distpoint->type = 0;
126 gens = NULL;
127 }
128 return crld;
129
130 merr:
131 X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
132 err:
133 GENERAL_NAME_free(gen);
134 GENERAL_NAMES_free(gens);
135 sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
136 return NULL;
137}
138
139IMPLEMENT_STACK_OF(DIST_POINT)
140IMPLEMENT_ASN1_SET_OF(DIST_POINT)
141
142
143ASN1_CHOICE(DIST_POINT_NAME) = {
144 ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
145 ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
146} ASN1_CHOICE_END(DIST_POINT_NAME)
147
148IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
149
150ASN1_SEQUENCE(DIST_POINT) = {
151 ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
152 ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
153 ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
154} ASN1_SEQUENCE_END(DIST_POINT)
155
156IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
157
158ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
159 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
160ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
161
162IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c
new file mode 100644
index 0000000000..010c9d6260
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_enum.c
@@ -0,0 +1,94 @@
1/* v3_enum.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63static ENUMERATED_NAMES crl_reasons[] = {
64{0, "Unspecified", "unspecified"},
65{1, "Key Compromise", "keyCompromise"},
66{2, "CA Compromise", "CACompromise"},
67{3, "Affiliation Changed", "affiliationChanged"},
68{4, "Superseded", "superseded"},
69{5, "Cessation Of Operation", "cessationOfOperation"},
70{6, "Certificate Hold", "certificateHold"},
71{8, "Remove From CRL", "removeFromCRL"},
72{-1, NULL, NULL}
73};
74
75X509V3_EXT_METHOD v3_crl_reason = {
76NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
770,0,0,0,
78(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
790,
800,0,0,0,
81crl_reasons};
82
83
84char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
85 ASN1_ENUMERATED *e)
86{
87 ENUMERATED_NAMES *enam;
88 long strval;
89 strval = ASN1_ENUMERATED_get(e);
90 for(enam = method->usr_data; enam->lname; enam++) {
91 if(strval == enam->bitnum) return BUF_strdup(enam->lname);
92 }
93 return i2s_ASN1_ENUMERATED(method, e);
94}
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c
new file mode 100644
index 0000000000..b1cfaba1aa
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_extku.c
@@ -0,0 +1,142 @@
1/* v3_extku.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1t.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
68static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
69 void *eku, STACK_OF(CONF_VALUE) *extlist);
70
71X509V3_EXT_METHOD v3_ext_ku = {
72 NID_ext_key_usage, 0,
73 ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
74 0,0,0,0,
75 0,0,
76 i2v_EXTENDED_KEY_USAGE,
77 v2i_EXTENDED_KEY_USAGE,
78 0,0,
79 NULL
80};
81
82/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
83X509V3_EXT_METHOD v3_ocsp_accresp = {
84 NID_id_pkix_OCSP_acceptableResponses, 0,
85 ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
86 0,0,0,0,
87 0,0,
88 i2v_EXTENDED_KEY_USAGE,
89 v2i_EXTENDED_KEY_USAGE,
90 0,0,
91 NULL
92};
93
94ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =
95 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
96ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
97
98IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
99
100static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
101 void *a, STACK_OF(CONF_VALUE) *ext_list)
102{
103 EXTENDED_KEY_USAGE *eku = a;
104 int i;
105 ASN1_OBJECT *obj;
106 char obj_tmp[80];
107 for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
108 obj = sk_ASN1_OBJECT_value(eku, i);
109 i2t_ASN1_OBJECT(obj_tmp, 80, obj);
110 X509V3_add_value(NULL, obj_tmp, &ext_list);
111 }
112 return ext_list;
113}
114
115static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
116 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
117{
118 EXTENDED_KEY_USAGE *extku;
119 char *extval;
120 ASN1_OBJECT *objtmp;
121 CONF_VALUE *val;
122 int i;
123
124 if(!(extku = sk_ASN1_OBJECT_new_null())) {
125 X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
126 return NULL;
127 }
128
129 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
130 val = sk_CONF_VALUE_value(nval, i);
131 if(val->value) extval = val->value;
132 else extval = val->name;
133 if(!(objtmp = OBJ_txt2obj(extval, 0))) {
134 sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
135 X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
136 X509V3_conf_err(val);
137 return NULL;
138 }
139 sk_ASN1_OBJECT_push(extku, objtmp);
140 }
141 return extku;
142}
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c
new file mode 100644
index 0000000000..650b510980
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_genn.c
@@ -0,0 +1,101 @@
1/* v3_genn.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1t.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66ASN1_SEQUENCE(OTHERNAME) = {
67 ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
68 /* Maybe have a true ANY DEFINED BY later */
69 ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
70} ASN1_SEQUENCE_END(OTHERNAME)
71
72IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
73
74ASN1_SEQUENCE(EDIPARTYNAME) = {
75 ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
76 ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
77} ASN1_SEQUENCE_END(EDIPARTYNAME)
78
79IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
80
81ASN1_CHOICE(GENERAL_NAME) = {
82 ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
83 ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
84 ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
85 /* Don't decode this */
86 ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
87 /* X509_NAME is a CHOICE type so use EXPLICIT */
88 ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
89 ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
90 ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
91 ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
92 ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
93} ASN1_CHOICE_END(GENERAL_NAME)
94
95IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
96
97ASN1_ITEM_TEMPLATE(GENERAL_NAMES) =
98 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
99ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
100
101IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c
new file mode 100644
index 0000000000..9683afa47c
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_ia5.c
@@ -0,0 +1,116 @@
1/* v3_ia5.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
67static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
68X509V3_EXT_METHOD v3_ns_ia5_list[] = {
69EXT_IA5STRING(NID_netscape_base_url),
70EXT_IA5STRING(NID_netscape_revocation_url),
71EXT_IA5STRING(NID_netscape_ca_revocation_url),
72EXT_IA5STRING(NID_netscape_renewal_url),
73EXT_IA5STRING(NID_netscape_ca_policy_url),
74EXT_IA5STRING(NID_netscape_ssl_server_name),
75EXT_IA5STRING(NID_netscape_comment),
76EXT_END
77};
78
79
80static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
81 ASN1_IA5STRING *ia5)
82{
83 char *tmp;
84 if(!ia5 || !ia5->length) return NULL;
85 if(!(tmp = OPENSSL_malloc(ia5->length + 1))) {
86 X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89 memcpy(tmp, ia5->data, ia5->length);
90 tmp[ia5->length] = 0;
91 return tmp;
92}
93
94static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
95 X509V3_CTX *ctx, char *str)
96{
97 ASN1_IA5STRING *ia5;
98 if(!str) {
99 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
100 return NULL;
101 }
102 if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;
103 if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
104 strlen(str))) {
105 M_ASN1_IA5STRING_free(ia5);
106 goto err;
107 }
108#ifdef CHARSET_EBCDIC
109 ebcdic2ascii(ia5->data, ia5->data, ia5->length);
110#endif /*CHARSET_EBCDIC*/
111 return ia5;
112 err:
113 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
114 return NULL;
115}
116
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
new file mode 100644
index 0000000000..53e3f48859
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -0,0 +1,194 @@
1/* v3_info.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
67 AUTHORITY_INFO_ACCESS *ainfo,
68 STACK_OF(CONF_VALUE) *ret);
69static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
70 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
71
72X509V3_EXT_METHOD v3_info =
73{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
740,0,0,0,
750,0,
76(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
77(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
780,0,
79NULL};
80
81X509V3_EXT_METHOD v3_sinfo =
82{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
830,0,0,0,
840,0,
85(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
86(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
870,0,
88NULL};
89
90ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
91 ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
92 ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
93} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
94
95IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
96
97ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) =
98 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
99ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
100
101IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
102
103static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
104 AUTHORITY_INFO_ACCESS *ainfo,
105 STACK_OF(CONF_VALUE) *ret)
106{
107 ACCESS_DESCRIPTION *desc;
108 int i,nlen;
109 char objtmp[80], *ntmp;
110 CONF_VALUE *vtmp;
111 for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
112 desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
113 ret = i2v_GENERAL_NAME(method, desc->location, ret);
114 if(!ret) break;
115 vtmp = sk_CONF_VALUE_value(ret, i);
116 i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
117 nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
118 ntmp = OPENSSL_malloc(nlen);
119 if(!ntmp) {
120 X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
121 ERR_R_MALLOC_FAILURE);
122 return NULL;
123 }
124 BUF_strlcpy(ntmp, objtmp, nlen);
125 BUF_strlcat(ntmp, " - ", nlen);
126 BUF_strlcat(ntmp, vtmp->name, nlen);
127 OPENSSL_free(vtmp->name);
128 vtmp->name = ntmp;
129
130 }
131 if(!ret) return sk_CONF_VALUE_new_null();
132 return ret;
133}
134
135static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
136 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
137{
138 AUTHORITY_INFO_ACCESS *ainfo = NULL;
139 CONF_VALUE *cnf, ctmp;
140 ACCESS_DESCRIPTION *acc;
141 int i, objlen;
142 char *objtmp, *ptmp;
143 if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
144 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
145 return NULL;
146 }
147 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
148 cnf = sk_CONF_VALUE_value(nval, i);
149 if(!(acc = ACCESS_DESCRIPTION_new())
150 || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
151 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
152 goto err;
153 }
154 ptmp = strchr(cnf->name, ';');
155 if(!ptmp) {
156 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX);
157 goto err;
158 }
159 objlen = ptmp - cnf->name;
160 ctmp.name = ptmp + 1;
161 ctmp.value = cnf->value;
162 GENERAL_NAME_free(acc->location);
163 if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
164 goto err;
165 if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
166 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
167 goto err;
168 }
169 strncpy(objtmp, cnf->name, objlen);
170 objtmp[objlen] = 0;
171 acc->method = OBJ_txt2obj(objtmp, 0);
172 if(!acc->method) {
173 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
174 ERR_add_error_data(2, "value=", objtmp);
175 OPENSSL_free(objtmp);
176 goto err;
177 }
178 OPENSSL_free(objtmp);
179
180 }
181 return ainfo;
182 err:
183 sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
184 return NULL;
185}
186
187int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
188 {
189 i2a_ASN1_OBJECT(bp, a->method);
190#ifdef UNDEF
191 i2a_GENERAL_NAME(bp, a->location);
192#endif
193 return 2;
194 }
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c
new file mode 100644
index 0000000000..7a43b4717b
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_int.c
@@ -0,0 +1,76 @@
1/* v3_int.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63X509V3_EXT_METHOD v3_crl_num = {
64 NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
65 0,0,0,0,
66 (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
67 0,
68 0,0,0,0, NULL};
69
70X509V3_EXT_METHOD v3_delta_crl = {
71 NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
72 0,0,0,0,
73 (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
74 0,
75 0,0,0,0, NULL};
76
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
new file mode 100644
index 0000000000..ca5a4a4a57
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_lib.c
@@ -0,0 +1,302 @@
1/* v3_lib.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/conf.h>
63#include <openssl/x509v3.h>
64
65#include "ext_dat.h"
66
67static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
68
69static int ext_cmp(const X509V3_EXT_METHOD * const *a,
70 const X509V3_EXT_METHOD * const *b);
71static void ext_list_free(X509V3_EXT_METHOD *ext);
72
73int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
74{
75 if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
76 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
77 return 0;
78 }
79 if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
80 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
81 return 0;
82 }
83 return 1;
84}
85
86static int ext_cmp(const X509V3_EXT_METHOD * const *a,
87 const X509V3_EXT_METHOD * const *b)
88{
89 return ((*a)->ext_nid - (*b)->ext_nid);
90}
91
92X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
93{
94 X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
95 int idx;
96 if(nid < 0) return NULL;
97 tmp.ext_nid = nid;
98 ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
99 (char *)standard_exts, STANDARD_EXTENSION_COUNT,
100 sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
101 if(ret) return *ret;
102 if(!ext_list) return NULL;
103 idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
104 if(idx == -1) return NULL;
105 return sk_X509V3_EXT_METHOD_value(ext_list, idx);
106}
107
108X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
109{
110 int nid;
111 if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
112 return X509V3_EXT_get_nid(nid);
113}
114
115
116int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
117{
118 for(;extlist->ext_nid!=-1;extlist++)
119 if(!X509V3_EXT_add(extlist)) return 0;
120 return 1;
121}
122
123int X509V3_EXT_add_alias(int nid_to, int nid_from)
124{
125 X509V3_EXT_METHOD *ext, *tmpext;
126 if(!(ext = X509V3_EXT_get_nid(nid_from))) {
127 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
128 return 0;
129 }
130 if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
131 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
132 return 0;
133 }
134 *tmpext = *ext;
135 tmpext->ext_nid = nid_to;
136 tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
137 return X509V3_EXT_add(tmpext);
138}
139
140void X509V3_EXT_cleanup(void)
141{
142 sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
143 ext_list = NULL;
144}
145
146static void ext_list_free(X509V3_EXT_METHOD *ext)
147{
148 if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext);
149}
150
151/* Legacy function: we don't need to add standard extensions
152 * any more because they are now kept in ext_dat.h.
153 */
154
155int X509V3_add_standard_extensions(void)
156{
157 return 1;
158}
159
160/* Return an extension internal structure */
161
162void *X509V3_EXT_d2i(X509_EXTENSION *ext)
163{
164 X509V3_EXT_METHOD *method;
165 unsigned char *p;
166 if(!(method = X509V3_EXT_get(ext))) return NULL;
167 p = ext->value->data;
168 if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
169 return method->d2i(NULL, &p, ext->value->length);
170}
171
172/* Get critical flag and decoded version of extension from a NID.
173 * The "idx" variable returns the last found extension and can
174 * be used to retrieve multiple extensions of the same NID.
175 * However multiple extensions with the same NID is usually
176 * due to a badly encoded certificate so if idx is NULL we
177 * choke if multiple extensions exist.
178 * The "crit" variable is set to the critical value.
179 * The return value is the decoded extension or NULL on
180 * error. The actual error can have several different causes,
181 * the value of *crit reflects the cause:
182 * >= 0, extension found but not decoded (reflects critical value).
183 * -1 extension not found.
184 * -2 extension occurs more than once.
185 */
186
187void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
188{
189 int lastpos, i;
190 X509_EXTENSION *ex, *found_ex = NULL;
191 if(!x) {
192 if(idx) *idx = -1;
193 if(crit) *crit = -1;
194 return NULL;
195 }
196 if(idx) lastpos = *idx + 1;
197 else lastpos = 0;
198 if(lastpos < 0) lastpos = 0;
199 for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
200 {
201 ex = sk_X509_EXTENSION_value(x, i);
202 if(OBJ_obj2nid(ex->object) == nid) {
203 if(idx) {
204 *idx = i;
205 found_ex = ex;
206 break;
207 } else if(found_ex) {
208 /* Found more than one */
209 if(crit) *crit = -2;
210 return NULL;
211 }
212 found_ex = ex;
213 }
214 }
215 if(found_ex) {
216 /* Found it */
217 if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
218 return X509V3_EXT_d2i(found_ex);
219 }
220
221 /* Extension not found */
222 if(idx) *idx = -1;
223 if(crit) *crit = -1;
224 return NULL;
225}
226
227/* This function is a general extension append, replace and delete utility.
228 * The precise operation is governed by the 'flags' value. The 'crit' and
229 * 'value' arguments (if relevant) are the extensions internal structure.
230 */
231
232int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
233 int crit, unsigned long flags)
234{
235 int extidx = -1;
236 int errcode;
237 X509_EXTENSION *ext, *extmp;
238 unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
239
240 /* If appending we don't care if it exists, otherwise
241 * look for existing extension.
242 */
243 if(ext_op != X509V3_ADD_APPEND)
244 extidx = X509v3_get_ext_by_NID(*x, nid, -1);
245
246 /* See if extension exists */
247 if(extidx >= 0) {
248 /* If keep existing, nothing to do */
249 if(ext_op == X509V3_ADD_KEEP_EXISTING)
250 return 1;
251 /* If default then its an error */
252 if(ext_op == X509V3_ADD_DEFAULT) {
253 errcode = X509V3_R_EXTENSION_EXISTS;
254 goto err;
255 }
256 /* If delete, just delete it */
257 if(ext_op == X509V3_ADD_DELETE) {
258 if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
259 return 1;
260 }
261 } else {
262 /* If replace existing or delete, error since
263 * extension must exist
264 */
265 if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
266 (ext_op == X509V3_ADD_DELETE)) {
267 errcode = X509V3_R_EXTENSION_NOT_FOUND;
268 goto err;
269 }
270 }
271
272 /* If we get this far then we have to create an extension:
273 * could have some flags for alternative encoding schemes...
274 */
275
276 ext = X509V3_EXT_i2d(nid, crit, value);
277
278 if(!ext) {
279 X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
280 return 0;
281 }
282
283 /* If extension exists replace it.. */
284 if(extidx >= 0) {
285 extmp = sk_X509_EXTENSION_value(*x, extidx);
286 X509_EXTENSION_free(extmp);
287 if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
288 return 1;
289 }
290
291 if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;
292 if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
293
294 return 1;
295
296 err:
297 if(!(flags & X509V3_ADD_SILENT))
298 X509V3err(X509V3_F_X509V3_ADD_I2D, errcode);
299 return 0;
300}
301
302IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/src/lib/libcrypto/x509v3/v3_ocsp.c b/src/lib/libcrypto/x509v3/v3_ocsp.c
new file mode 100644
index 0000000000..21badc13f9
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_ocsp.c
@@ -0,0 +1,275 @@
1/* v3_ocsp.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef OPENSSL_NO_OCSP
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/conf.h>
64#include <openssl/asn1.h>
65#include <openssl/ocsp.h>
66#include <openssl/x509v3.h>
67
68/* OCSP extensions and a couple of CRL entry extensions
69 */
70
71static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
72static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
73static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
74
75static void *ocsp_nonce_new(void);
76static int i2d_ocsp_nonce(void *a, unsigned char **pp);
77static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
78static void ocsp_nonce_free(void *a);
79static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
80
81static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
82static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
83static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
84
85X509V3_EXT_METHOD v3_ocsp_crlid = {
86 NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
87 0,0,0,0,
88 0,0,
89 0,0,
90 i2r_ocsp_crlid,0,
91 NULL
92};
93
94X509V3_EXT_METHOD v3_ocsp_acutoff = {
95 NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
96 0,0,0,0,
97 0,0,
98 0,0,
99 i2r_ocsp_acutoff,0,
100 NULL
101};
102
103X509V3_EXT_METHOD v3_crl_invdate = {
104 NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
105 0,0,0,0,
106 0,0,
107 0,0,
108 i2r_ocsp_acutoff,0,
109 NULL
110};
111
112X509V3_EXT_METHOD v3_crl_hold = {
113 NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
114 0,0,0,0,
115 0,0,
116 0,0,
117 i2r_object,0,
118 NULL
119};
120
121X509V3_EXT_METHOD v3_ocsp_nonce = {
122 NID_id_pkix_OCSP_Nonce, 0, NULL,
123 ocsp_nonce_new,
124 ocsp_nonce_free,
125 d2i_ocsp_nonce,
126 i2d_ocsp_nonce,
127 0,0,
128 0,0,
129 i2r_ocsp_nonce,0,
130 NULL
131};
132
133X509V3_EXT_METHOD v3_ocsp_nocheck = {
134 NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
135 0,0,0,0,
136 0,s2i_ocsp_nocheck,
137 0,0,
138 i2r_ocsp_nocheck,0,
139 NULL
140};
141
142X509V3_EXT_METHOD v3_ocsp_serviceloc = {
143 NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
144 0,0,0,0,
145 0,0,
146 0,0,
147 i2r_ocsp_serviceloc,0,
148 NULL
149};
150
151static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
152{
153 OCSP_CRLID *a = in;
154 if (a->crlUrl)
155 {
156 if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
157 if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
158 if (!BIO_write(bp, "\n", 1)) goto err;
159 }
160 if (a->crlNum)
161 {
162 if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
163 if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
164 if (!BIO_write(bp, "\n", 1)) goto err;
165 }
166 if (a->crlTime)
167 {
168 if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
169 if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
170 if (!BIO_write(bp, "\n", 1)) goto err;
171 }
172 return 1;
173 err:
174 return 0;
175}
176
177static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
178{
179 if (!BIO_printf(bp, "%*s", ind, "")) return 0;
180 if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
181 return 1;
182}
183
184
185static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
186{
187 if (!BIO_printf(bp, "%*s", ind, "")) return 0;
188 if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
189 return 1;
190}
191
192/* OCSP nonce. This is needs special treatment because it doesn't have
193 * an ASN1 encoding at all: it just contains arbitrary data.
194 */
195
196static void *ocsp_nonce_new(void)
197{
198 return ASN1_OCTET_STRING_new();
199}
200
201static int i2d_ocsp_nonce(void *a, unsigned char **pp)
202{
203 ASN1_OCTET_STRING *os = a;
204 if(pp) {
205 memcpy(*pp, os->data, os->length);
206 *pp += os->length;
207 }
208 return os->length;
209}
210
211static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length)
212{
213 ASN1_OCTET_STRING *os, **pos;
214 pos = a;
215 if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
216 else os = *pos;
217 if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
218
219 *pp += length;
220
221 if(pos) *pos = os;
222 return os;
223
224 err:
225 if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
226 OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
227 return NULL;
228}
229
230static void ocsp_nonce_free(void *a)
231{
232 M_ASN1_OCTET_STRING_free(a);
233}
234
235static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
236{
237 if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
238 if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
239 return 1;
240}
241
242/* Nocheck is just a single NULL. Don't print anything and always set it */
243
244static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
245{
246 return 1;
247}
248
249static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
250{
251 return ASN1_NULL_new();
252}
253
254static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
255 {
256 int i;
257 OCSP_SERVICELOC *a = in;
258 ACCESS_DESCRIPTION *ad;
259
260 if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
261 if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
262 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
263 {
264 ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
265 if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0)
266 goto err;
267 if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
268 if(BIO_puts(bp, " - ") <= 0) goto err;
269 if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
270 }
271 return 1;
272err:
273 return 0;
274 }
275#endif
diff --git a/src/lib/libcrypto/x509v3/v3_pci.c b/src/lib/libcrypto/x509v3/v3_pci.c
new file mode 100644
index 0000000000..b32d968619
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_pci.c
@@ -0,0 +1,313 @@
1/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
2/* Contributed to the OpenSSL Project 2004
3 * by Richard Levitte (richard@levitte.org)
4 */
5/* Copyright (c) 2004 Kungliga Tekniska Högskolan
6 * (Royal Institute of Technology, Stockholm, Sweden).
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * 3. Neither the name of the Institute nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37#include <stdio.h>
38#include "cryptlib.h"
39#include <openssl/conf.h>
40#include <openssl/x509v3.h>
41
42static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
43 BIO *out, int indent);
44static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
45 X509V3_CTX *ctx, char *str);
46
47X509V3_EXT_METHOD v3_pci =
48 { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
49 0,0,0,0,
50 0,0,
51 NULL, NULL,
52 (X509V3_EXT_I2R)i2r_pci,
53 (X509V3_EXT_R2I)r2i_pci,
54 NULL,
55 };
56
57static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
58 BIO *out, int indent)
59 {
60 BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
61 if (pci->pcPathLengthConstraint)
62 i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
63 else
64 BIO_printf(out, "infinite");
65 BIO_puts(out, "\n");
66 BIO_printf(out, "%*sPolicy Language: ", indent, "");
67 i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
68 BIO_puts(out, "\n");
69 if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
70 BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
71 pci->proxyPolicy->policy->data);
72 return 1;
73 }
74
75static int process_pci_value(CONF_VALUE *val,
76 ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
77 ASN1_OCTET_STRING **policy)
78 {
79 int free_policy = 0;
80
81 if (strcmp(val->name, "language") == 0)
82 {
83 if (*language)
84 {
85 X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
86 X509V3_conf_err(val);
87 return 0;
88 }
89 if (!(*language = OBJ_txt2obj(val->value, 0)))
90 {
91 X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_OBJECT_IDENTIFIER);
92 X509V3_conf_err(val);
93 return 0;
94 }
95 }
96 else if (strcmp(val->name, "pathlen") == 0)
97 {
98 if (*pathlen)
99 {
100 X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
101 X509V3_conf_err(val);
102 return 0;
103 }
104 if (!X509V3_get_value_int(val, pathlen))
105 {
106 X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH);
107 X509V3_conf_err(val);
108 return 0;
109 }
110 }
111 else if (strcmp(val->name, "policy") == 0)
112 {
113 unsigned char *tmp_data = NULL;
114 long val_len;
115 if (!*policy)
116 {
117 *policy = ASN1_OCTET_STRING_new();
118 if (!*policy)
119 {
120 X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
121 X509V3_conf_err(val);
122 return 0;
123 }
124 free_policy = 1;
125 }
126 if (strncmp(val->value, "hex:", 4) == 0)
127 {
128 unsigned char *tmp_data2 =
129 string_to_hex(val->value + 4, &val_len);
130
131 if (!tmp_data2) goto err;
132
133 tmp_data = OPENSSL_realloc((*policy)->data,
134 (*policy)->length + val_len + 1);
135 if (tmp_data)
136 {
137 (*policy)->data = tmp_data;
138 memcpy(&(*policy)->data[(*policy)->length],
139 tmp_data2, val_len);
140 (*policy)->length += val_len;
141 (*policy)->data[(*policy)->length] = '\0';
142 }
143 }
144 else if (strncmp(val->value, "file:", 5) == 0)
145 {
146 unsigned char buf[2048];
147 int n;
148 BIO *b = BIO_new_file(val->value + 5, "r");
149 if (!b)
150 {
151 X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB);
152 X509V3_conf_err(val);
153 goto err;
154 }
155 while((n = BIO_read(b, buf, sizeof(buf))) > 0
156 || (n == 0 && BIO_should_retry(b)))
157 {
158 if (!n) continue;
159
160 tmp_data = OPENSSL_realloc((*policy)->data,
161 (*policy)->length + n + 1);
162
163 if (!tmp_data)
164 break;
165
166 (*policy)->data = tmp_data;
167 memcpy(&(*policy)->data[(*policy)->length],
168 buf, n);
169 (*policy)->length += n;
170 (*policy)->data[(*policy)->length] = '\0';
171 }
172
173 if (n < 0)
174 {
175 X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB);
176 X509V3_conf_err(val);
177 goto err;
178 }
179 }
180 else if (strncmp(val->value, "text:", 5) == 0)
181 {
182 val_len = strlen(val->value + 5);
183 tmp_data = OPENSSL_realloc((*policy)->data,
184 (*policy)->length + val_len + 1);
185 if (tmp_data)
186 {
187 (*policy)->data = tmp_data;
188 memcpy(&(*policy)->data[(*policy)->length],
189 val->value + 5, val_len);
190 (*policy)->length += val_len;
191 (*policy)->data[(*policy)->length] = '\0';
192 }
193 }
194 else
195 {
196 X509V3err(X509V3_F_R2I_PCI,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
197 X509V3_conf_err(val);
198 goto err;
199 }
200 if (!tmp_data)
201 {
202 X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
203 X509V3_conf_err(val);
204 goto err;
205 }
206 }
207 return 1;
208err:
209 if (free_policy)
210 {
211 ASN1_OCTET_STRING_free(*policy);
212 *policy = NULL;
213 }
214 return 0;
215 }
216
217static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
218 X509V3_CTX *ctx, char *value)
219 {
220 PROXY_CERT_INFO_EXTENSION *pci = NULL;
221 STACK_OF(CONF_VALUE) *vals;
222 ASN1_OBJECT *language = NULL;
223 ASN1_INTEGER *pathlen = NULL;
224 ASN1_OCTET_STRING *policy = NULL;
225 int i, j;
226
227 vals = X509V3_parse_list(value);
228 for (i = 0; i < sk_CONF_VALUE_num(vals); i++)
229 {
230 CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
231 if (!cnf->name || (*cnf->name != '@' && !cnf->value))
232 {
233 X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
234 X509V3_conf_err(cnf);
235 goto err;
236 }
237 if (*cnf->name == '@')
238 {
239 STACK_OF(CONF_VALUE) *sect;
240 int success_p = 1;
241
242 sect = X509V3_get_section(ctx, cnf->name + 1);
243 if (!sect)
244 {
245 X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
246 X509V3_conf_err(cnf);
247 goto err;
248 }
249 for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)
250 {
251 success_p =
252 process_pci_value(sk_CONF_VALUE_value(sect, j),
253 &language, &pathlen, &policy);
254 }
255 X509V3_section_free(ctx, sect);
256 if (!success_p)
257 goto err;
258 }
259 else
260 {
261 if (!process_pci_value(cnf,
262 &language, &pathlen, &policy))
263 {
264 X509V3_conf_err(cnf);
265 goto err;
266 }
267 }
268 }
269
270 /* Language is mandatory */
271 if (!language)
272 {
273 X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
274 goto err;
275 }
276 i = OBJ_obj2nid(language);
277 if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
278 {
279 X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
280 goto err;
281 }
282
283 pci = PROXY_CERT_INFO_EXTENSION_new();
284 if (!pci)
285 {
286 X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
287 goto err;
288 }
289 pci->proxyPolicy = PROXY_POLICY_new();
290 if (!pci->proxyPolicy)
291 {
292 X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
293 goto err;
294 }
295
296 pci->proxyPolicy->policyLanguage = language; language = NULL;
297 pci->proxyPolicy->policy = policy; policy = NULL;
298 pci->pcPathLengthConstraint = pathlen; pathlen = NULL;
299 goto end;
300err:
301 if (language) { ASN1_OBJECT_free(language); language = NULL; }
302 if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
303 if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
304 if (pci && pci->proxyPolicy)
305 {
306 PROXY_POLICY_free(pci->proxyPolicy);
307 pci->proxyPolicy = NULL;
308 }
309 if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
310end:
311 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
312 return pci;
313 }
diff --git a/src/lib/libcrypto/x509v3/v3_pcia.c b/src/lib/libcrypto/x509v3/v3_pcia.c
new file mode 100644
index 0000000000..bb362e0e5a
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_pcia.c
@@ -0,0 +1,55 @@
1/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */
2/* Contributed to the OpenSSL Project 2004
3 * by Richard Levitte (richard@levitte.org)
4 */
5/* Copyright (c) 2004 Kungliga Tekniska Högskolan
6 * (Royal Institute of Technology, Stockholm, Sweden).
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * 3. Neither the name of the Institute nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37#include <openssl/asn1.h>
38#include <openssl/asn1t.h>
39#include <openssl/x509v3.h>
40
41ASN1_SEQUENCE(PROXY_POLICY) =
42 {
43 ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
44 ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
45} ASN1_SEQUENCE_END(PROXY_POLICY)
46
47IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
48
49ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
50 {
51 ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
52 ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
53} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
54
55IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c
new file mode 100644
index 0000000000..49a2e4697a
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_pku.c
@@ -0,0 +1,108 @@
1/* v3_pku.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/asn1t.h>
63#include <openssl/x509v3.h>
64
65static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
66/*
67static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
68*/
69X509V3_EXT_METHOD v3_pkey_usage_period = {
70NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
710,0,0,0,
720,0,0,0,
73(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
74NULL
75};
76
77ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
78 ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
79 ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
80} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
81
82IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
83
84static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
85 PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
86{
87 BIO_printf(out, "%*s", indent, "");
88 if(usage->notBefore) {
89 BIO_write(out, "Not Before: ", 12);
90 ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
91 if(usage->notAfter) BIO_write(out, ", ", 2);
92 }
93 if(usage->notAfter) {
94 BIO_write(out, "Not After: ", 11);
95 ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
96 }
97 return 1;
98}
99
100/*
101static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
102X509V3_EXT_METHOD *method;
103X509V3_CTX *ctx;
104STACK_OF(CONF_VALUE) *values;
105{
106return NULL;
107}
108*/
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
new file mode 100644
index 0000000000..5d268eb768
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_prn.c
@@ -0,0 +1,233 @@
1/* v3_prn.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/conf.h>
63#include <openssl/x509v3.h>
64
65/* Extension printing routines */
66
67static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
68
69/* Print out a name+value stack */
70
71void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
72{
73 int i;
74 CONF_VALUE *nval;
75 if(!val) return;
76 if(!ml || !sk_CONF_VALUE_num(val)) {
77 BIO_printf(out, "%*s", indent, "");
78 if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
79 }
80 for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
81 if(ml) BIO_printf(out, "%*s", indent, "");
82 else if(i > 0) BIO_printf(out, ", ");
83 nval = sk_CONF_VALUE_value(val, i);
84 if(!nval->name) BIO_puts(out, nval->value);
85 else if(!nval->value) BIO_puts(out, nval->name);
86#ifndef CHARSET_EBCDIC
87 else BIO_printf(out, "%s:%s", nval->name, nval->value);
88#else
89 else {
90 int len;
91 char *tmp;
92 len = strlen(nval->value)+1;
93 tmp = OPENSSL_malloc(len);
94 if (tmp)
95 {
96 ascii2ebcdic(tmp, nval->value, len);
97 BIO_printf(out, "%s:%s", nval->name, tmp);
98 OPENSSL_free(tmp);
99 }
100 }
101#endif
102 if(ml) BIO_puts(out, "\n");
103 }
104}
105
106/* Main routine: print out a general extension */
107
108int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
109{
110 void *ext_str = NULL;
111 char *value = NULL;
112 unsigned char *p;
113 X509V3_EXT_METHOD *method;
114 STACK_OF(CONF_VALUE) *nval = NULL;
115 int ok = 1;
116 if(!(method = X509V3_EXT_get(ext)))
117 return unknown_ext_print(out, ext, flag, indent, 0);
118 p = ext->value->data;
119 if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
120 else ext_str = method->d2i(NULL, &p, ext->value->length);
121
122 if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
123
124 if(method->i2s) {
125 if(!(value = method->i2s(method, ext_str))) {
126 ok = 0;
127 goto err;
128 }
129#ifndef CHARSET_EBCDIC
130 BIO_printf(out, "%*s%s", indent, "", value);
131#else
132 {
133 int len;
134 char *tmp;
135 len = strlen(value)+1;
136 tmp = OPENSSL_malloc(len);
137 if (tmp)
138 {
139 ascii2ebcdic(tmp, value, len);
140 BIO_printf(out, "%*s%s", indent, "", tmp);
141 OPENSSL_free(tmp);
142 }
143 }
144#endif
145 } else if(method->i2v) {
146 if(!(nval = method->i2v(method, ext_str, NULL))) {
147 ok = 0;
148 goto err;
149 }
150 X509V3_EXT_val_prn(out, nval, indent,
151 method->ext_flags & X509V3_EXT_MULTILINE);
152 } else if(method->i2r) {
153 if(!method->i2r(method, ext_str, out, indent)) ok = 0;
154 } else ok = 0;
155
156 err:
157 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
158 if(value) OPENSSL_free(value);
159 if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
160 else method->ext_free(ext_str);
161 return ok;
162}
163
164int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
165{
166 int i, j;
167
168 if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
169
170 if(title)
171 {
172 BIO_printf(bp,"%*s%s:\n",indent, "", title);
173 indent += 4;
174 }
175
176 for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
177 {
178 ASN1_OBJECT *obj;
179 X509_EXTENSION *ex;
180 ex=sk_X509_EXTENSION_value(exts, i);
181 if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
182 obj=X509_EXTENSION_get_object(ex);
183 i2a_ASN1_OBJECT(bp,obj);
184 j=X509_EXTENSION_get_critical(ex);
185 if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
186 return 0;
187 if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
188 {
189 BIO_printf(bp, "%*s", indent + 4, "");
190 M_ASN1_OCTET_STRING_print(bp,ex->value);
191 }
192 if (BIO_write(bp,"\n",1) <= 0) return 0;
193 }
194 return 1;
195}
196
197static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
198{
199 switch(flag & X509V3_EXT_UNKNOWN_MASK) {
200
201 case X509V3_EXT_DEFAULT:
202 return 0;
203
204 case X509V3_EXT_ERROR_UNKNOWN:
205 if(supported)
206 BIO_printf(out, "%*s<Parse Error>", indent, "");
207 else
208 BIO_printf(out, "%*s<Not Supported>", indent, "");
209 return 1;
210
211 case X509V3_EXT_PARSE_UNKNOWN:
212 return ASN1_parse_dump(out,
213 ext->value->data, ext->value->length, indent, -1);
214 case X509V3_EXT_DUMP_UNKNOWN:
215 return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
216
217 default:
218 return 1;
219 }
220}
221
222
223#ifndef OPENSSL_NO_FP_API
224int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
225{
226 BIO *bio_tmp;
227 int ret;
228 if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
229 ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
230 BIO_free(bio_tmp);
231 return ret;
232}
233#endif
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
new file mode 100644
index 0000000000..bbdf6da493
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -0,0 +1,647 @@
1/* v3_purp.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62#include <openssl/x509_vfy.h>
63
64static void x509v3_cache_extensions(X509 *x);
65
66static int check_ssl_ca(const X509 *x);
67static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
68static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
69static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
70static int purpose_smime(const X509 *x, int ca);
71static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
72static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
73static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
74static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
75static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
76
77static int xp_cmp(const X509_PURPOSE * const *a,
78 const X509_PURPOSE * const *b);
79static void xptable_free(X509_PURPOSE *p);
80
81static X509_PURPOSE xstandard[] = {
82 {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
83 {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
84 {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
85 {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
86 {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
87 {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
88 {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
89 {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
90};
91
92#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
93
94IMPLEMENT_STACK_OF(X509_PURPOSE)
95
96static STACK_OF(X509_PURPOSE) *xptable = NULL;
97
98static int xp_cmp(const X509_PURPOSE * const *a,
99 const X509_PURPOSE * const *b)
100{
101 return (*a)->purpose - (*b)->purpose;
102}
103
104/* As much as I'd like to make X509_check_purpose use a "const" X509*
105 * I really can't because it does recalculate hashes and do other non-const
106 * things. */
107int X509_check_purpose(X509 *x, int id, int ca)
108{
109 int idx;
110 const X509_PURPOSE *pt;
111 if(!(x->ex_flags & EXFLAG_SET)) {
112 CRYPTO_w_lock(CRYPTO_LOCK_X509);
113 x509v3_cache_extensions(x);
114 CRYPTO_w_unlock(CRYPTO_LOCK_X509);
115 }
116 if(id == -1) return 1;
117 idx = X509_PURPOSE_get_by_id(id);
118 if(idx == -1) return -1;
119 pt = X509_PURPOSE_get0(idx);
120 return pt->check_purpose(pt, x, ca);
121}
122
123int X509_PURPOSE_set(int *p, int purpose)
124{
125 if(X509_PURPOSE_get_by_id(purpose) == -1) {
126 X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
127 return 0;
128 }
129 *p = purpose;
130 return 1;
131}
132
133int X509_PURPOSE_get_count(void)
134{
135 if(!xptable) return X509_PURPOSE_COUNT;
136 return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
137}
138
139X509_PURPOSE * X509_PURPOSE_get0(int idx)
140{
141 if(idx < 0) return NULL;
142 if(idx < X509_PURPOSE_COUNT) return xstandard + idx;
143 return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
144}
145
146int X509_PURPOSE_get_by_sname(char *sname)
147{
148 int i;
149 X509_PURPOSE *xptmp;
150 for(i = 0; i < X509_PURPOSE_get_count(); i++) {
151 xptmp = X509_PURPOSE_get0(i);
152 if(!strcmp(xptmp->sname, sname)) return i;
153 }
154 return -1;
155}
156
157int X509_PURPOSE_get_by_id(int purpose)
158{
159 X509_PURPOSE tmp;
160 int idx;
161 if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
162 return purpose - X509_PURPOSE_MIN;
163 tmp.purpose = purpose;
164 if(!xptable) return -1;
165 idx = sk_X509_PURPOSE_find(xptable, &tmp);
166 if(idx == -1) return -1;
167 return idx + X509_PURPOSE_COUNT;
168}
169
170int X509_PURPOSE_add(int id, int trust, int flags,
171 int (*ck)(const X509_PURPOSE *, const X509 *, int),
172 char *name, char *sname, void *arg)
173{
174 int idx;
175 X509_PURPOSE *ptmp;
176 /* This is set according to what we change: application can't set it */
177 flags &= ~X509_PURPOSE_DYNAMIC;
178 /* This will always be set for application modified trust entries */
179 flags |= X509_PURPOSE_DYNAMIC_NAME;
180 /* Get existing entry if any */
181 idx = X509_PURPOSE_get_by_id(id);
182 /* Need a new entry */
183 if(idx == -1) {
184 if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
185 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
186 return 0;
187 }
188 ptmp->flags = X509_PURPOSE_DYNAMIC;
189 } else ptmp = X509_PURPOSE_get0(idx);
190
191 /* OPENSSL_free existing name if dynamic */
192 if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
193 OPENSSL_free(ptmp->name);
194 OPENSSL_free(ptmp->sname);
195 }
196 /* dup supplied name */
197 ptmp->name = BUF_strdup(name);
198 ptmp->sname = BUF_strdup(sname);
199 if(!ptmp->name || !ptmp->sname) {
200 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
201 return 0;
202 }
203 /* Keep the dynamic flag of existing entry */
204 ptmp->flags &= X509_PURPOSE_DYNAMIC;
205 /* Set all other flags */
206 ptmp->flags |= flags;
207
208 ptmp->purpose = id;
209 ptmp->trust = trust;
210 ptmp->check_purpose = ck;
211 ptmp->usr_data = arg;
212
213 /* If its a new entry manage the dynamic table */
214 if(idx == -1) {
215 if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
216 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
217 return 0;
218 }
219 if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
220 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
221 return 0;
222 }
223 }
224 return 1;
225}
226
227static void xptable_free(X509_PURPOSE *p)
228 {
229 if(!p) return;
230 if (p->flags & X509_PURPOSE_DYNAMIC)
231 {
232 if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
233 OPENSSL_free(p->name);
234 OPENSSL_free(p->sname);
235 }
236 OPENSSL_free(p);
237 }
238 }
239
240void X509_PURPOSE_cleanup(void)
241{
242 int i;
243 sk_X509_PURPOSE_pop_free(xptable, xptable_free);
244 for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
245 xptable = NULL;
246}
247
248int X509_PURPOSE_get_id(X509_PURPOSE *xp)
249{
250 return xp->purpose;
251}
252
253char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
254{
255 return xp->name;
256}
257
258char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
259{
260 return xp->sname;
261}
262
263int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
264{
265 return xp->trust;
266}
267
268static int nid_cmp(int *a, int *b)
269 {
270 return *a - *b;
271 }
272
273int X509_supported_extension(X509_EXTENSION *ex)
274 {
275 /* This table is a list of the NIDs of supported extensions:
276 * that is those which are used by the verify process. If
277 * an extension is critical and doesn't appear in this list
278 * then the verify process will normally reject the certificate.
279 * The list must be kept in numerical order because it will be
280 * searched using bsearch.
281 */
282
283 static int supported_nids[] = {
284 NID_netscape_cert_type, /* 71 */
285 NID_key_usage, /* 83 */
286 NID_subject_alt_name, /* 85 */
287 NID_basic_constraints, /* 87 */
288 NID_ext_key_usage, /* 126 */
289 NID_proxyCertInfo /* 661 */
290 };
291
292 int ex_nid;
293
294 ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
295
296 if (ex_nid == NID_undef)
297 return 0;
298
299 if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
300 sizeof(supported_nids)/sizeof(int), sizeof(int),
301 (int (*)(const void *, const void *))nid_cmp))
302 return 1;
303 return 0;
304 }
305
306
307static void x509v3_cache_extensions(X509 *x)
308{
309 BASIC_CONSTRAINTS *bs;
310 PROXY_CERT_INFO_EXTENSION *pci;
311 ASN1_BIT_STRING *usage;
312 ASN1_BIT_STRING *ns;
313 EXTENDED_KEY_USAGE *extusage;
314 X509_EXTENSION *ex;
315
316 int i;
317 if(x->ex_flags & EXFLAG_SET) return;
318#ifndef OPENSSL_NO_SHA
319 X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
320#endif
321 /* Does subject name match issuer ? */
322 if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
323 x->ex_flags |= EXFLAG_SS;
324 /* V1 should mean no extensions ... */
325 if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
326 /* Handle basic constraints */
327 if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
328 if(bs->ca) x->ex_flags |= EXFLAG_CA;
329 if(bs->pathlen) {
330 if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
331 || !bs->ca) {
332 x->ex_flags |= EXFLAG_INVALID;
333 x->ex_pathlen = 0;
334 } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
335 } else x->ex_pathlen = -1;
336 BASIC_CONSTRAINTS_free(bs);
337 x->ex_flags |= EXFLAG_BCONS;
338 }
339 /* Handle proxy certificates */
340 if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
341 if (x->ex_flags & EXFLAG_CA
342 || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
343 || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
344 x->ex_flags |= EXFLAG_INVALID;
345 }
346 PROXY_CERT_INFO_EXTENSION_free(pci);
347 x->ex_flags |= EXFLAG_PROXY;
348 }
349 /* Handle key usage */
350 if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
351 if(usage->length > 0) {
352 x->ex_kusage = usage->data[0];
353 if(usage->length > 1)
354 x->ex_kusage |= usage->data[1] << 8;
355 } else x->ex_kusage = 0;
356 x->ex_flags |= EXFLAG_KUSAGE;
357 ASN1_BIT_STRING_free(usage);
358 }
359 x->ex_xkusage = 0;
360 if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
361 x->ex_flags |= EXFLAG_XKUSAGE;
362 for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
363 switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
364 case NID_server_auth:
365 x->ex_xkusage |= XKU_SSL_SERVER;
366 break;
367
368 case NID_client_auth:
369 x->ex_xkusage |= XKU_SSL_CLIENT;
370 break;
371
372 case NID_email_protect:
373 x->ex_xkusage |= XKU_SMIME;
374 break;
375
376 case NID_code_sign:
377 x->ex_xkusage |= XKU_CODE_SIGN;
378 break;
379
380 case NID_ms_sgc:
381 case NID_ns_sgc:
382 x->ex_xkusage |= XKU_SGC;
383 break;
384
385 case NID_OCSP_sign:
386 x->ex_xkusage |= XKU_OCSP_SIGN;
387 break;
388
389 case NID_time_stamp:
390 x->ex_xkusage |= XKU_TIMESTAMP;
391 break;
392
393 case NID_dvcs:
394 x->ex_xkusage |= XKU_DVCS;
395 break;
396 }
397 }
398 sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
399 }
400
401 if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
402 if(ns->length > 0) x->ex_nscert = ns->data[0];
403 else x->ex_nscert = 0;
404 x->ex_flags |= EXFLAG_NSCERT;
405 ASN1_BIT_STRING_free(ns);
406 }
407 x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
408 x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
409 for (i = 0; i < X509_get_ext_count(x); i++)
410 {
411 ex = X509_get_ext(x, i);
412 if (!X509_EXTENSION_get_critical(ex))
413 continue;
414 if (!X509_supported_extension(ex))
415 {
416 x->ex_flags |= EXFLAG_CRITICAL;
417 break;
418 }
419 }
420 x->ex_flags |= EXFLAG_SET;
421}
422
423/* CA checks common to all purposes
424 * return codes:
425 * 0 not a CA
426 * 1 is a CA
427 * 2 basicConstraints absent so "maybe" a CA
428 * 3 basicConstraints absent but self signed V1.
429 * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
430 */
431
432#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
433#define ku_reject(x, usage) \
434 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
435#define xku_reject(x, usage) \
436 (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
437#define ns_reject(x, usage) \
438 (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
439
440static int check_ca(const X509 *x)
441{
442 /* keyUsage if present should allow cert signing */
443 if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
444 if(x->ex_flags & EXFLAG_BCONS) {
445 if(x->ex_flags & EXFLAG_CA) return 1;
446 /* If basicConstraints says not a CA then say so */
447 else return 0;
448 } else {
449 /* we support V1 roots for... uh, I don't really know why. */
450 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
451 /* If key usage present it must have certSign so tolerate it */
452 else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
453 /* Older certificates could have Netscape-specific CA types */
454 else if (x->ex_flags & EXFLAG_NSCERT
455 && x->ex_nscert & NS_ANY_CA) return 5;
456 /* can this still be regarded a CA certificate? I doubt it */
457 return 0;
458 }
459}
460
461int X509_check_ca(X509 *x)
462{
463 if(!(x->ex_flags & EXFLAG_SET)) {
464 CRYPTO_w_lock(CRYPTO_LOCK_X509);
465 x509v3_cache_extensions(x);
466 CRYPTO_w_unlock(CRYPTO_LOCK_X509);
467 }
468
469 return check_ca(x);
470}
471
472/* Check SSL CA: common checks for SSL client and server */
473static int check_ssl_ca(const X509 *x)
474{
475 int ca_ret;
476 ca_ret = check_ca(x);
477 if(!ca_ret) return 0;
478 /* check nsCertType if present */
479 if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret;
480 else return 0;
481}
482
483
484static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
485{
486 if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
487 if(ca) return check_ssl_ca(x);
488 /* We need to do digital signatures with it */
489 if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
490 /* nsCertType if present should allow SSL client use */
491 if(ns_reject(x, NS_SSL_CLIENT)) return 0;
492 return 1;
493}
494
495static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
496{
497 if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
498 if(ca) return check_ssl_ca(x);
499
500 if(ns_reject(x, NS_SSL_SERVER)) return 0;
501 /* Now as for keyUsage: we'll at least need to sign OR encipher */
502 if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
503
504 return 1;
505
506}
507
508static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
509{
510 int ret;
511 ret = check_purpose_ssl_server(xp, x, ca);
512 if(!ret || ca) return ret;
513 /* We need to encipher or Netscape complains */
514 if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
515 return ret;
516}
517
518/* common S/MIME checks */
519static int purpose_smime(const X509 *x, int ca)
520{
521 if(xku_reject(x,XKU_SMIME)) return 0;
522 if(ca) {
523 int ca_ret;
524 ca_ret = check_ca(x);
525 if(!ca_ret) return 0;
526 /* check nsCertType if present */
527 if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret;
528 else return 0;
529 }
530 if(x->ex_flags & EXFLAG_NSCERT) {
531 if(x->ex_nscert & NS_SMIME) return 1;
532 /* Workaround for some buggy certificates */
533 if(x->ex_nscert & NS_SSL_CLIENT) return 2;
534 return 0;
535 }
536 return 1;
537}
538
539static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
540{
541 int ret;
542 ret = purpose_smime(x, ca);
543 if(!ret || ca) return ret;
544 if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
545 return ret;
546}
547
548static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
549{
550 int ret;
551 ret = purpose_smime(x, ca);
552 if(!ret || ca) return ret;
553 if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
554 return ret;
555}
556
557static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
558{
559 if(ca) {
560 int ca_ret;
561 if((ca_ret = check_ca(x)) != 2) return ca_ret;
562 else return 0;
563 }
564 if(ku_reject(x, KU_CRL_SIGN)) return 0;
565 return 1;
566}
567
568/* OCSP helper: this is *not* a full OCSP check. It just checks that
569 * each CA is valid. Additional checks must be made on the chain.
570 */
571
572static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
573{
574 /* Must be a valid CA. Should we really support the "I don't know"
575 value (2)? */
576 if(ca) return check_ca(x);
577 /* leaf certificate is checked in OCSP_verify() */
578 return 1;
579}
580
581static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
582{
583 return 1;
584}
585
586/* Various checks to see if one certificate issued the second.
587 * This can be used to prune a set of possible issuer certificates
588 * which have been looked up using some simple method such as by
589 * subject name.
590 * These are:
591 * 1. Check issuer_name(subject) == subject_name(issuer)
592 * 2. If akid(subject) exists check it matches issuer
593 * 3. If key_usage(issuer) exists check it supports certificate signing
594 * returns 0 for OK, positive for reason for mismatch, reasons match
595 * codes for X509_verify_cert()
596 */
597
598int X509_check_issued(X509 *issuer, X509 *subject)
599{
600 if(X509_NAME_cmp(X509_get_subject_name(issuer),
601 X509_get_issuer_name(subject)))
602 return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
603 x509v3_cache_extensions(issuer);
604 x509v3_cache_extensions(subject);
605 if(subject->akid) {
606 /* Check key ids (if present) */
607 if(subject->akid->keyid && issuer->skid &&
608 ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )
609 return X509_V_ERR_AKID_SKID_MISMATCH;
610 /* Check serial number */
611 if(subject->akid->serial &&
612 ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
613 subject->akid->serial))
614 return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
615 /* Check issuer name */
616 if(subject->akid->issuer) {
617 /* Ugh, for some peculiar reason AKID includes
618 * SEQUENCE OF GeneralName. So look for a DirName.
619 * There may be more than one but we only take any
620 * notice of the first.
621 */
622 GENERAL_NAMES *gens;
623 GENERAL_NAME *gen;
624 X509_NAME *nm = NULL;
625 int i;
626 gens = subject->akid->issuer;
627 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
628 gen = sk_GENERAL_NAME_value(gens, i);
629 if(gen->type == GEN_DIRNAME) {
630 nm = gen->d.dirn;
631 break;
632 }
633 }
634 if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
635 return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
636 }
637 }
638 if(subject->ex_flags & EXFLAG_PROXY)
639 {
640 if(ku_reject(issuer, KU_DIGITAL_SIGNATURE))
641 return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
642 }
643 else if(ku_reject(issuer, KU_KEY_CERT_SIGN))
644 return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
645 return X509_V_OK;
646}
647
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
new file mode 100644
index 0000000000..c0f044ac1b
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_skey.c
@@ -0,0 +1,144 @@
1/* v3_skey.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/x509v3.h>
63
64static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
65X509V3_EXT_METHOD v3_skey_id = {
66NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
670,0,0,0,
68(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
69(X509V3_EXT_S2I)s2i_skey_id,
700,0,0,0,
71NULL};
72
73char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
74 ASN1_OCTET_STRING *oct)
75{
76 return hex_to_string(oct->data, oct->length);
77}
78
79ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
80 X509V3_CTX *ctx, char *str)
81{
82 ASN1_OCTET_STRING *oct;
83 long length;
84
85 if(!(oct = M_ASN1_OCTET_STRING_new())) {
86 X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89
90 if(!(oct->data = string_to_hex(str, &length))) {
91 M_ASN1_OCTET_STRING_free(oct);
92 return NULL;
93 }
94
95 oct->length = length;
96
97 return oct;
98
99}
100
101static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
102 X509V3_CTX *ctx, char *str)
103{
104 ASN1_OCTET_STRING *oct;
105 ASN1_BIT_STRING *pk;
106 unsigned char pkey_dig[EVP_MAX_MD_SIZE];
107 unsigned int diglen;
108
109 if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
110
111 if(!(oct = M_ASN1_OCTET_STRING_new())) {
112 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
113 return NULL;
114 }
115
116 if(ctx && (ctx->flags == CTX_TEST)) return oct;
117
118 if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
119 X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
120 goto err;
121 }
122
123 if(ctx->subject_req)
124 pk = ctx->subject_req->req_info->pubkey->public_key;
125 else pk = ctx->subject_cert->cert_info->key->public_key;
126
127 if(!pk) {
128 X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
129 goto err;
130 }
131
132 EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
133
134 if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
135 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
136 goto err;
137 }
138
139 return oct;
140
141 err:
142 M_ASN1_OCTET_STRING_free(oct);
143 return NULL;
144}
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
new file mode 100644
index 0000000000..d3f4ba3a72
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_sxnet.c
@@ -0,0 +1,262 @@
1/* v3_sxnet.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66/* Support for Thawte strong extranet extension */
67
68#define SXNET_TEST
69
70static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
71#ifdef SXNET_TEST
72static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *nval);
74#endif
75X509V3_EXT_METHOD v3_sxnet = {
76NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
770,0,0,0,
780,0,
790,
80#ifdef SXNET_TEST
81(X509V3_EXT_V2I)sxnet_v2i,
82#else
830,
84#endif
85(X509V3_EXT_I2R)sxnet_i2r,
860,
87NULL
88};
89
90ASN1_SEQUENCE(SXNETID) = {
91 ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
92 ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
93} ASN1_SEQUENCE_END(SXNETID)
94
95IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
96
97ASN1_SEQUENCE(SXNET) = {
98 ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
99 ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
100} ASN1_SEQUENCE_END(SXNET)
101
102IMPLEMENT_ASN1_FUNCTIONS(SXNET)
103
104static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
105 int indent)
106{
107 long v;
108 char *tmp;
109 SXNETID *id;
110 int i;
111 v = ASN1_INTEGER_get(sx->version);
112 BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v);
113 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
114 id = sk_SXNETID_value(sx->ids, i);
115 tmp = i2s_ASN1_INTEGER(NULL, id->zone);
116 BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
117 OPENSSL_free(tmp);
118 M_ASN1_OCTET_STRING_print(out, id->user);
119 }
120 return 1;
121}
122
123#ifdef SXNET_TEST
124
125/* NBB: this is used for testing only. It should *not* be used for anything
126 * else because it will just take static IDs from the configuration file and
127 * they should really be separate values for each user.
128 */
129
130
131static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
132 STACK_OF(CONF_VALUE) *nval)
133{
134 CONF_VALUE *cnf;
135 SXNET *sx = NULL;
136 int i;
137 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
138 cnf = sk_CONF_VALUE_value(nval, i);
139 if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
140 return NULL;
141 }
142 return sx;
143}
144
145
146#endif
147
148/* Strong Extranet utility functions */
149
150/* Add an id given the zone as an ASCII number */
151
152int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
153 int userlen)
154{
155 ASN1_INTEGER *izone = NULL;
156 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
157 X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
158 return 0;
159 }
160 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
161}
162
163/* Add an id given the zone as an unsigned long */
164
165int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
166 int userlen)
167{
168 ASN1_INTEGER *izone = NULL;
169 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
170 X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
171 M_ASN1_INTEGER_free(izone);
172 return 0;
173 }
174 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
175
176}
177
178/* Add an id given the zone as an ASN1_INTEGER.
179 * Note this version uses the passed integer and doesn't make a copy so don't
180 * free it up afterwards.
181 */
182
183int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
184 int userlen)
185{
186 SXNET *sx = NULL;
187 SXNETID *id = NULL;
188 if(!psx || !zone || !user) {
189 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);
190 return 0;
191 }
192 if(userlen == -1) userlen = strlen(user);
193 if(userlen > 64) {
194 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);
195 return 0;
196 }
197 if(!*psx) {
198 if(!(sx = SXNET_new())) goto err;
199 if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
200 *psx = sx;
201 } else sx = *psx;
202 if(SXNET_get_id_INTEGER(sx, zone)) {
203 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);
204 return 0;
205 }
206
207 if(!(id = SXNETID_new())) goto err;
208 if(userlen == -1) userlen = strlen(user);
209
210 if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
211 if(!sk_SXNETID_push(sx->ids, id)) goto err;
212 id->zone = zone;
213 return 1;
214
215 err:
216 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);
217 SXNETID_free(id);
218 SXNET_free(sx);
219 *psx = NULL;
220 return 0;
221}
222
223ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
224{
225 ASN1_INTEGER *izone = NULL;
226 ASN1_OCTET_STRING *oct;
227 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
228 X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
229 return NULL;
230 }
231 oct = SXNET_get_id_INTEGER(sx, izone);
232 M_ASN1_INTEGER_free(izone);
233 return oct;
234}
235
236ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
237{
238 ASN1_INTEGER *izone = NULL;
239 ASN1_OCTET_STRING *oct;
240 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
241 X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
242 M_ASN1_INTEGER_free(izone);
243 return NULL;
244 }
245 oct = SXNET_get_id_INTEGER(sx, izone);
246 M_ASN1_INTEGER_free(izone);
247 return oct;
248}
249
250ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
251{
252 SXNETID *id;
253 int i;
254 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
255 id = sk_SXNETID_value(sx->ids, i);
256 if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
257 }
258 return NULL;
259}
260
261IMPLEMENT_STACK_OF(SXNETID)
262IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
new file mode 100644
index 0000000000..f23a8d29a0
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -0,0 +1,535 @@
1/* v3_utl.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60
61#include <stdio.h>
62#include <ctype.h>
63#include "cryptlib.h"
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66
67static char *strip_spaces(char *name);
68static int sk_strcmp(const char * const *a, const char * const *b);
69static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
70static void str_free(void *str);
71static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
72
73/* Add a CONF_VALUE name value pair to stack */
74
75int X509V3_add_value(const char *name, const char *value,
76 STACK_OF(CONF_VALUE) **extlist)
77{
78 CONF_VALUE *vtmp = NULL;
79 char *tname = NULL, *tvalue = NULL;
80 if(name && !(tname = BUF_strdup(name))) goto err;
81 if(value && !(tvalue = BUF_strdup(value))) goto err;
82 if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
83 if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
84 vtmp->section = NULL;
85 vtmp->name = tname;
86 vtmp->value = tvalue;
87 if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
88 return 1;
89 err:
90 X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
91 if(vtmp) OPENSSL_free(vtmp);
92 if(tname) OPENSSL_free(tname);
93 if(tvalue) OPENSSL_free(tvalue);
94 return 0;
95}
96
97int X509V3_add_value_uchar(const char *name, const unsigned char *value,
98 STACK_OF(CONF_VALUE) **extlist)
99 {
100 return X509V3_add_value(name,(const char *)value,extlist);
101 }
102
103/* Free function for STACK_OF(CONF_VALUE) */
104
105void X509V3_conf_free(CONF_VALUE *conf)
106{
107 if(!conf) return;
108 if(conf->name) OPENSSL_free(conf->name);
109 if(conf->value) OPENSSL_free(conf->value);
110 if(conf->section) OPENSSL_free(conf->section);
111 OPENSSL_free(conf);
112}
113
114int X509V3_add_value_bool(const char *name, int asn1_bool,
115 STACK_OF(CONF_VALUE) **extlist)
116{
117 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
118 return X509V3_add_value(name, "FALSE", extlist);
119}
120
121int X509V3_add_value_bool_nf(char *name, int asn1_bool,
122 STACK_OF(CONF_VALUE) **extlist)
123{
124 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
125 return 1;
126}
127
128
129char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
130{
131 BIGNUM *bntmp = NULL;
132 char *strtmp = NULL;
133 if(!a) return NULL;
134 if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
135 !(strtmp = BN_bn2dec(bntmp)) )
136 X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
137 BN_free(bntmp);
138 return strtmp;
139}
140
141char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
142{
143 BIGNUM *bntmp = NULL;
144 char *strtmp = NULL;
145 if(!a) return NULL;
146 if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
147 !(strtmp = BN_bn2dec(bntmp)) )
148 X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
149 BN_free(bntmp);
150 return strtmp;
151}
152
153ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
154{
155 BIGNUM *bn = NULL;
156 ASN1_INTEGER *aint;
157 int isneg, ishex;
158 int ret;
159 bn = BN_new();
160 if (!value) {
161 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
162 return 0;
163 }
164 if (value[0] == '-') {
165 value++;
166 isneg = 1;
167 } else isneg = 0;
168
169 if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
170 value += 2;
171 ishex = 1;
172 } else ishex = 0;
173
174 if (ishex) ret = BN_hex2bn(&bn, value);
175 else ret = BN_dec2bn(&bn, value);
176
177 if (!ret) {
178 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
179 return 0;
180 }
181
182 if (isneg && BN_is_zero(bn)) isneg = 0;
183
184 aint = BN_to_ASN1_INTEGER(bn, NULL);
185 BN_free(bn);
186 if (!aint) {
187 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
188 return 0;
189 }
190 if (isneg) aint->type |= V_ASN1_NEG;
191 return aint;
192}
193
194int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
195 STACK_OF(CONF_VALUE) **extlist)
196{
197 char *strtmp;
198 int ret;
199 if(!aint) return 1;
200 if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
201 ret = X509V3_add_value(name, strtmp, extlist);
202 OPENSSL_free(strtmp);
203 return ret;
204}
205
206int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
207{
208 char *btmp;
209 if(!(btmp = value->value)) goto err;
210 if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
211 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
212 || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
213 *asn1_bool = 0xff;
214 return 1;
215 } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
216 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
217 || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
218 *asn1_bool = 0;
219 return 1;
220 }
221 err:
222 X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
223 X509V3_conf_err(value);
224 return 0;
225}
226
227int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
228{
229 ASN1_INTEGER *itmp;
230 if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
231 X509V3_conf_err(value);
232 return 0;
233 }
234 *aint = itmp;
235 return 1;
236}
237
238#define HDR_NAME 1
239#define HDR_VALUE 2
240
241/*#define DEBUG*/
242
243STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
244{
245 char *p, *q, c;
246 char *ntmp, *vtmp;
247 STACK_OF(CONF_VALUE) *values = NULL;
248 char *linebuf;
249 int state;
250 /* We are going to modify the line so copy it first */
251 linebuf = BUF_strdup(line);
252 state = HDR_NAME;
253 ntmp = NULL;
254 /* Go through all characters */
255 for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
256
257 switch(state) {
258 case HDR_NAME:
259 if(c == ':') {
260 state = HDR_VALUE;
261 *p = 0;
262 ntmp = strip_spaces(q);
263 if(!ntmp) {
264 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
265 goto err;
266 }
267 q = p + 1;
268 } else if(c == ',') {
269 *p = 0;
270 ntmp = strip_spaces(q);
271 q = p + 1;
272#if 0
273 printf("%s\n", ntmp);
274#endif
275 if(!ntmp) {
276 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
277 goto err;
278 }
279 X509V3_add_value(ntmp, NULL, &values);
280 }
281 break ;
282
283 case HDR_VALUE:
284 if(c == ',') {
285 state = HDR_NAME;
286 *p = 0;
287 vtmp = strip_spaces(q);
288#if 0
289 printf("%s\n", ntmp);
290#endif
291 if(!vtmp) {
292 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
293 goto err;
294 }
295 X509V3_add_value(ntmp, vtmp, &values);
296 ntmp = NULL;
297 q = p + 1;
298 }
299
300 }
301 }
302
303 if(state == HDR_VALUE) {
304 vtmp = strip_spaces(q);
305#if 0
306 printf("%s=%s\n", ntmp, vtmp);
307#endif
308 if(!vtmp) {
309 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
310 goto err;
311 }
312 X509V3_add_value(ntmp, vtmp, &values);
313 } else {
314 ntmp = strip_spaces(q);
315#if 0
316 printf("%s\n", ntmp);
317#endif
318 if(!ntmp) {
319 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
320 goto err;
321 }
322 X509V3_add_value(ntmp, NULL, &values);
323 }
324OPENSSL_free(linebuf);
325return values;
326
327err:
328OPENSSL_free(linebuf);
329sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
330return NULL;
331
332}
333
334/* Delete leading and trailing spaces from a string */
335static char *strip_spaces(char *name)
336{
337 char *p, *q;
338 /* Skip over leading spaces */
339 p = name;
340 while(isspace((unsigned char)*p)) p++;
341 if(!*p) return NULL;
342 q = p + strlen(p) - 1;
343 while((q != p) && isspace((unsigned char)*q)) q--;
344 if(p != q) q[1] = 0;
345 if(!*p) return NULL;
346 return p;
347}
348
349/* hex string utilities */
350
351/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
352 * hex representation
353 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
354 */
355
356char *hex_to_string(unsigned char *buffer, long len)
357{
358 char *tmp, *q;
359 unsigned char *p;
360 int i;
361 static char hexdig[] = "0123456789ABCDEF";
362 if(!buffer || !len) return NULL;
363 if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
364 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
365 return NULL;
366 }
367 q = tmp;
368 for(i = 0, p = buffer; i < len; i++,p++) {
369 *q++ = hexdig[(*p >> 4) & 0xf];
370 *q++ = hexdig[*p & 0xf];
371 *q++ = ':';
372 }
373 q[-1] = 0;
374#ifdef CHARSET_EBCDIC
375 ebcdic2ascii(tmp, tmp, q - tmp - 1);
376#endif
377
378 return tmp;
379}
380
381/* Give a string of hex digits convert to
382 * a buffer
383 */
384
385unsigned char *string_to_hex(char *str, long *len)
386{
387 unsigned char *hexbuf, *q;
388 unsigned char ch, cl, *p;
389 if(!str) {
390 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
391 return NULL;
392 }
393 if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
394 for(p = (unsigned char *)str, q = hexbuf; *p;) {
395 ch = *p++;
396#ifdef CHARSET_EBCDIC
397 ch = os_toebcdic[ch];
398#endif
399 if(ch == ':') continue;
400 cl = *p++;
401#ifdef CHARSET_EBCDIC
402 cl = os_toebcdic[cl];
403#endif
404 if(!cl) {
405 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
406 OPENSSL_free(hexbuf);
407 return NULL;
408 }
409 if(isupper(ch)) ch = tolower(ch);
410 if(isupper(cl)) cl = tolower(cl);
411
412 if((ch >= '0') && (ch <= '9')) ch -= '0';
413 else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
414 else goto badhex;
415
416 if((cl >= '0') && (cl <= '9')) cl -= '0';
417 else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
418 else goto badhex;
419
420 *q++ = (ch << 4) | cl;
421 }
422
423 if(len) *len = q - hexbuf;
424
425 return hexbuf;
426
427 err:
428 if(hexbuf) OPENSSL_free(hexbuf);
429 X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
430 return NULL;
431
432 badhex:
433 OPENSSL_free(hexbuf);
434 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
435 return NULL;
436
437}
438
439/* V2I name comparison function: returns zero if 'name' matches
440 * cmp or cmp.*
441 */
442
443int name_cmp(const char *name, const char *cmp)
444{
445 int len, ret;
446 char c;
447 len = strlen(cmp);
448 if((ret = strncmp(name, cmp, len))) return ret;
449 c = name[len];
450 if(!c || (c=='.')) return 0;
451 return 1;
452}
453
454static int sk_strcmp(const char * const *a, const char * const *b)
455{
456 return strcmp(*a, *b);
457}
458
459STACK *X509_get1_email(X509 *x)
460{
461 GENERAL_NAMES *gens;
462 STACK *ret;
463 gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
464 ret = get_email(X509_get_subject_name(x), gens);
465 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
466 return ret;
467}
468
469STACK *X509_REQ_get1_email(X509_REQ *x)
470{
471 GENERAL_NAMES *gens;
472 STACK_OF(X509_EXTENSION) *exts;
473 STACK *ret;
474 exts = X509_REQ_get_extensions(x);
475 gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
476 ret = get_email(X509_REQ_get_subject_name(x), gens);
477 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
478 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
479 return ret;
480}
481
482
483static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
484{
485 STACK *ret = NULL;
486 X509_NAME_ENTRY *ne;
487 ASN1_IA5STRING *email;
488 GENERAL_NAME *gen;
489 int i;
490 /* Now add any email address(es) to STACK */
491 i = -1;
492 /* First supplied X509_NAME */
493 while((i = X509_NAME_get_index_by_NID(name,
494 NID_pkcs9_emailAddress, i)) >= 0) {
495 ne = X509_NAME_get_entry(name, i);
496 email = X509_NAME_ENTRY_get_data(ne);
497 if(!append_ia5(&ret, email)) return NULL;
498 }
499 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
500 {
501 gen = sk_GENERAL_NAME_value(gens, i);
502 if(gen->type != GEN_EMAIL) continue;
503 if(!append_ia5(&ret, gen->d.ia5)) return NULL;
504 }
505 return ret;
506}
507
508static void str_free(void *str)
509{
510 OPENSSL_free(str);
511}
512
513static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
514{
515 char *emtmp;
516 /* First some sanity checks */
517 if(email->type != V_ASN1_IA5STRING) return 1;
518 if(!email->data || !email->length) return 1;
519 if(!*sk) *sk = sk_new(sk_strcmp);
520 if(!*sk) return 0;
521 /* Don't add duplicates */
522 if(sk_find(*sk, (char *)email->data) != -1) return 1;
523 emtmp = BUF_strdup((char *)email->data);
524 if(!emtmp || !sk_push(*sk, emtmp)) {
525 X509_email_free(*sk);
526 *sk = NULL;
527 return 0;
528 }
529 return 1;
530}
531
532void X509_email_free(STACK *sk)
533{
534 sk_pop_free(sk, str_free);
535}
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c
new file mode 100644
index 0000000000..e1edaf5248
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3err.c
@@ -0,0 +1,197 @@
1/* crypto/x509v3/v3err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/x509v3.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
70
71static ERR_STRING_DATA X509V3_str_functs[]=
72 {
73{ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
74{ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"},
75{ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"},
76{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
77{ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
78{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
79{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
80{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
81{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), "I2V_AUTHORITY_INFO_ACCESS"},
82{ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"},
83{ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"},
84{ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"},
85{ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"},
86{ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"},
87{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
88{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
89{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
90{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
91{ERR_FUNC(X509V3_F_S2I_S2I_SKEY_ID), "S2I_S2I_SKEY_ID"},
92{ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
93{ERR_FUNC(X509V3_F_SXNET_ADD_ASC), "SXNET_ADD_ASC"},
94{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
95{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
96{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
97{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
98{ERR_FUNC(X509V3_F_V2I_ACCESS_DESCRIPTION), "V2I_ACCESS_DESCRIPTION"},
99{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "V2I_ASN1_BIT_STRING"},
100{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"},
101{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"},
102{ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"},
103{ERR_FUNC(X509V3_F_V2I_EXT_KU), "V2I_EXT_KU"},
104{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME), "v2i_GENERAL_NAME"},
105{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
106{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"},
107{ERR_FUNC(X509V3_F_X509V3_ADD_I2D), "X509V3_ADD_I2D"},
108{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
109{ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
110{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
111{ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"},
112{ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
113{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"},
114{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"},
115{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"},
116{ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"},
117{0,NULL}
118 };
119
120static ERR_STRING_DATA X509V3_str_reasons[]=
121 {
122{ERR_REASON(X509V3_R_BAD_IP_ADDRESS) ,"bad ip address"},
123{ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"},
124{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"},
125{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
126{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"},
127{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
128{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
129{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"},
130{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"},
131{ERR_REASON(X509V3_R_EXTENSION_EXISTS) ,"extension exists"},
132{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"},
133{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"},
134{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"},
135{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"},
136{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"},
137{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
138{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
139{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"},
140{ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"},
141{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
142{ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"},
143{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"},
144{ERR_REASON(X509V3_R_INVALID_NUMBER) ,"invalid number"},
145{ERR_REASON(X509V3_R_INVALID_NUMBERS) ,"invalid numbers"},
146{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"},
147{ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"},
148{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"},
149{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER),"invalid proxy policy identifier"},
150{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"},
151{ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"},
152{ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"},
153{ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"},
154{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"},
155{ERR_REASON(X509V3_R_MISSING_VALUE) ,"missing value"},
156{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"},
157{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"},
158{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"},
159{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS) ,"no issuer details"},
160{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"},
161{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"},
162{ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"},
163{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"},
164{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
165{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
166{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
167{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
168{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT) ,"policy syntax not"},
169{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
170{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
171{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"},
172{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"},
173{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"},
174{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION) ,"unknown extension"},
175{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},
176{ERR_REASON(X509V3_R_UNKNOWN_OPTION) ,"unknown option"},
177{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},
178{ERR_REASON(X509V3_R_USER_TOO_LONG) ,"user too long"},
179{0,NULL}
180 };
181
182#endif
183
184void ERR_load_X509V3_strings(void)
185 {
186 static int init=1;
187
188 if (init)
189 {
190 init=0;
191#ifndef OPENSSL_NO_ERR
192 ERR_load_strings(0,X509V3_str_functs);
193 ERR_load_strings(0,X509V3_str_reasons);
194#endif
195
196 }
197 }
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
new file mode 100644
index 0000000000..e6d91251c2
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/x509v3.h
@@ -0,0 +1,687 @@
1/* x509v3.h */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58#ifndef HEADER_X509V3_H
59#define HEADER_X509V3_H
60
61#include <openssl/bio.h>
62#include <openssl/x509.h>
63#include <openssl/conf.h>
64
65#ifdef __cplusplus
66extern "C" {
67#endif
68
69/* Forward reference */
70struct v3_ext_method;
71struct v3_ext_ctx;
72
73/* Useful typedefs */
74
75typedef void * (*X509V3_EXT_NEW)(void);
76typedef void (*X509V3_EXT_FREE)(void *);
77typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long);
78typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
79typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
80typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
81typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
82typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
83typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
84typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
85
86/* V3 extension structure */
87
88struct v3_ext_method {
89int ext_nid;
90int ext_flags;
91/* If this is set the following four fields are ignored */
92ASN1_ITEM_EXP *it;
93/* Old style ASN1 calls */
94X509V3_EXT_NEW ext_new;
95X509V3_EXT_FREE ext_free;
96X509V3_EXT_D2I d2i;
97X509V3_EXT_I2D i2d;
98
99/* The following pair is used for string extensions */
100X509V3_EXT_I2S i2s;
101X509V3_EXT_S2I s2i;
102
103/* The following pair is used for multi-valued extensions */
104X509V3_EXT_I2V i2v;
105X509V3_EXT_V2I v2i;
106
107/* The following are used for raw extensions */
108X509V3_EXT_I2R i2r;
109X509V3_EXT_R2I r2i;
110
111void *usr_data; /* Any extension specific data */
112};
113
114typedef struct X509V3_CONF_METHOD_st {
115char * (*get_string)(void *db, char *section, char *value);
116STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
117void (*free_string)(void *db, char * string);
118void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
119} X509V3_CONF_METHOD;
120
121/* Context specific info */
122struct v3_ext_ctx {
123#define CTX_TEST 0x1
124int flags;
125X509 *issuer_cert;
126X509 *subject_cert;
127X509_REQ *subject_req;
128X509_CRL *crl;
129X509V3_CONF_METHOD *db_meth;
130void *db;
131/* Maybe more here */
132};
133
134typedef struct v3_ext_method X509V3_EXT_METHOD;
135typedef struct v3_ext_ctx X509V3_CTX;
136
137DECLARE_STACK_OF(X509V3_EXT_METHOD)
138
139/* ext_flags values */
140#define X509V3_EXT_DYNAMIC 0x1
141#define X509V3_EXT_CTX_DEP 0x2
142#define X509V3_EXT_MULTILINE 0x4
143
144typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
145
146typedef struct BASIC_CONSTRAINTS_st {
147int ca;
148ASN1_INTEGER *pathlen;
149} BASIC_CONSTRAINTS;
150
151
152typedef struct PKEY_USAGE_PERIOD_st {
153ASN1_GENERALIZEDTIME *notBefore;
154ASN1_GENERALIZEDTIME *notAfter;
155} PKEY_USAGE_PERIOD;
156
157typedef struct otherName_st {
158ASN1_OBJECT *type_id;
159ASN1_TYPE *value;
160} OTHERNAME;
161
162typedef struct EDIPartyName_st {
163 ASN1_STRING *nameAssigner;
164 ASN1_STRING *partyName;
165} EDIPARTYNAME;
166
167typedef struct GENERAL_NAME_st {
168
169#define GEN_OTHERNAME 0
170#define GEN_EMAIL 1
171#define GEN_DNS 2
172#define GEN_X400 3
173#define GEN_DIRNAME 4
174#define GEN_EDIPARTY 5
175#define GEN_URI 6
176#define GEN_IPADD 7
177#define GEN_RID 8
178
179int type;
180union {
181 char *ptr;
182 OTHERNAME *otherName; /* otherName */
183 ASN1_IA5STRING *rfc822Name;
184 ASN1_IA5STRING *dNSName;
185 ASN1_TYPE *x400Address;
186 X509_NAME *directoryName;
187 EDIPARTYNAME *ediPartyName;
188 ASN1_IA5STRING *uniformResourceIdentifier;
189 ASN1_OCTET_STRING *iPAddress;
190 ASN1_OBJECT *registeredID;
191
192 /* Old names */
193 ASN1_OCTET_STRING *ip; /* iPAddress */
194 X509_NAME *dirn; /* dirn */
195 ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
196 ASN1_OBJECT *rid; /* registeredID */
197 ASN1_TYPE *other; /* x400Address */
198} d;
199} GENERAL_NAME;
200
201typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
202
203typedef struct ACCESS_DESCRIPTION_st {
204 ASN1_OBJECT *method;
205 GENERAL_NAME *location;
206} ACCESS_DESCRIPTION;
207
208typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
209
210typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
211
212DECLARE_STACK_OF(GENERAL_NAME)
213DECLARE_ASN1_SET_OF(GENERAL_NAME)
214
215DECLARE_STACK_OF(ACCESS_DESCRIPTION)
216DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
217
218typedef struct DIST_POINT_NAME_st {
219int type;
220union {
221 GENERAL_NAMES *fullname;
222 STACK_OF(X509_NAME_ENTRY) *relativename;
223} name;
224} DIST_POINT_NAME;
225
226typedef struct DIST_POINT_st {
227DIST_POINT_NAME *distpoint;
228ASN1_BIT_STRING *reasons;
229GENERAL_NAMES *CRLissuer;
230} DIST_POINT;
231
232typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
233
234DECLARE_STACK_OF(DIST_POINT)
235DECLARE_ASN1_SET_OF(DIST_POINT)
236
237typedef struct AUTHORITY_KEYID_st {
238ASN1_OCTET_STRING *keyid;
239GENERAL_NAMES *issuer;
240ASN1_INTEGER *serial;
241} AUTHORITY_KEYID;
242
243/* Strong extranet structures */
244
245typedef struct SXNET_ID_st {
246 ASN1_INTEGER *zone;
247 ASN1_OCTET_STRING *user;
248} SXNETID;
249
250DECLARE_STACK_OF(SXNETID)
251DECLARE_ASN1_SET_OF(SXNETID)
252
253typedef struct SXNET_st {
254 ASN1_INTEGER *version;
255 STACK_OF(SXNETID) *ids;
256} SXNET;
257
258typedef struct NOTICEREF_st {
259 ASN1_STRING *organization;
260 STACK_OF(ASN1_INTEGER) *noticenos;
261} NOTICEREF;
262
263typedef struct USERNOTICE_st {
264 NOTICEREF *noticeref;
265 ASN1_STRING *exptext;
266} USERNOTICE;
267
268typedef struct POLICYQUALINFO_st {
269 ASN1_OBJECT *pqualid;
270 union {
271 ASN1_IA5STRING *cpsuri;
272 USERNOTICE *usernotice;
273 ASN1_TYPE *other;
274 } d;
275} POLICYQUALINFO;
276
277DECLARE_STACK_OF(POLICYQUALINFO)
278DECLARE_ASN1_SET_OF(POLICYQUALINFO)
279
280typedef struct POLICYINFO_st {
281 ASN1_OBJECT *policyid;
282 STACK_OF(POLICYQUALINFO) *qualifiers;
283} POLICYINFO;
284
285typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
286
287DECLARE_STACK_OF(POLICYINFO)
288DECLARE_ASN1_SET_OF(POLICYINFO)
289
290/* Proxy certificate structures, see RFC 3820 */
291typedef struct PROXY_POLICY_st
292 {
293 ASN1_OBJECT *policyLanguage;
294 ASN1_OCTET_STRING *policy;
295 } PROXY_POLICY;
296
297typedef struct PROXY_CERT_INFO_EXTENSION_st
298 {
299 ASN1_INTEGER *pcPathLengthConstraint;
300 PROXY_POLICY *proxyPolicy;
301 } PROXY_CERT_INFO_EXTENSION;
302
303DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
304DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
305
306
307#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
308",name:", val->name, ",value:", val->value);
309
310#define X509V3_set_ctx_test(ctx) \
311 X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
312#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
313
314#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
315 0,0,0,0, \
316 0,0, \
317 (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
318 (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
319 NULL, NULL, \
320 table}
321
322#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
323 0,0,0,0, \
324 (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
325 (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
326 0,0,0,0, \
327 NULL}
328
329#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
330
331
332/* X509_PURPOSE stuff */
333
334#define EXFLAG_BCONS 0x1
335#define EXFLAG_KUSAGE 0x2
336#define EXFLAG_XKUSAGE 0x4
337#define EXFLAG_NSCERT 0x8
338
339#define EXFLAG_CA 0x10
340#define EXFLAG_SS 0x20
341#define EXFLAG_V1 0x40
342#define EXFLAG_INVALID 0x80
343#define EXFLAG_SET 0x100
344#define EXFLAG_CRITICAL 0x200
345#define EXFLAG_PROXY 0x400
346
347#define KU_DIGITAL_SIGNATURE 0x0080
348#define KU_NON_REPUDIATION 0x0040
349#define KU_KEY_ENCIPHERMENT 0x0020
350#define KU_DATA_ENCIPHERMENT 0x0010
351#define KU_KEY_AGREEMENT 0x0008
352#define KU_KEY_CERT_SIGN 0x0004
353#define KU_CRL_SIGN 0x0002
354#define KU_ENCIPHER_ONLY 0x0001
355#define KU_DECIPHER_ONLY 0x8000
356
357#define NS_SSL_CLIENT 0x80
358#define NS_SSL_SERVER 0x40
359#define NS_SMIME 0x20
360#define NS_OBJSIGN 0x10
361#define NS_SSL_CA 0x04
362#define NS_SMIME_CA 0x02
363#define NS_OBJSIGN_CA 0x01
364#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
365
366#define XKU_SSL_SERVER 0x1
367#define XKU_SSL_CLIENT 0x2
368#define XKU_SMIME 0x4
369#define XKU_CODE_SIGN 0x8
370#define XKU_SGC 0x10
371#define XKU_OCSP_SIGN 0x20
372#define XKU_TIMESTAMP 0x40
373#define XKU_DVCS 0x80
374
375#define X509_PURPOSE_DYNAMIC 0x1
376#define X509_PURPOSE_DYNAMIC_NAME 0x2
377
378typedef struct x509_purpose_st {
379 int purpose;
380 int trust; /* Default trust ID */
381 int flags;
382 int (*check_purpose)(const struct x509_purpose_st *,
383 const X509 *, int);
384 char *name;
385 char *sname;
386 void *usr_data;
387} X509_PURPOSE;
388
389#define X509_PURPOSE_SSL_CLIENT 1
390#define X509_PURPOSE_SSL_SERVER 2
391#define X509_PURPOSE_NS_SSL_SERVER 3
392#define X509_PURPOSE_SMIME_SIGN 4
393#define X509_PURPOSE_SMIME_ENCRYPT 5
394#define X509_PURPOSE_CRL_SIGN 6
395#define X509_PURPOSE_ANY 7
396#define X509_PURPOSE_OCSP_HELPER 8
397
398#define X509_PURPOSE_MIN 1
399#define X509_PURPOSE_MAX 8
400
401/* Flags for X509V3_EXT_print() */
402
403#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
404/* Return error for unknown extensions */
405#define X509V3_EXT_DEFAULT 0
406/* Print error for unknown extensions */
407#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
408/* ASN1 parse unknown extensions */
409#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
410/* BIO_dump unknown extensions */
411#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
412
413/* Flags for X509V3_add1_i2d */
414
415#define X509V3_ADD_OP_MASK 0xfL
416#define X509V3_ADD_DEFAULT 0L
417#define X509V3_ADD_APPEND 1L
418#define X509V3_ADD_REPLACE 2L
419#define X509V3_ADD_REPLACE_EXISTING 3L
420#define X509V3_ADD_KEEP_EXISTING 4L
421#define X509V3_ADD_DELETE 5L
422#define X509V3_ADD_SILENT 0x10
423
424DECLARE_STACK_OF(X509_PURPOSE)
425
426DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
427
428DECLARE_ASN1_FUNCTIONS(SXNET)
429DECLARE_ASN1_FUNCTIONS(SXNETID)
430
431int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
432int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen);
433int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen);
434
435ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
436ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
437ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
438
439DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
440
441DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
442
443DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
444
445STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
446int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
447
448DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
449
450STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
451 GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
452GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
453 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
454
455DECLARE_ASN1_FUNCTIONS(OTHERNAME)
456DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
457
458char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
459ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
460
461DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
462int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
463
464DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
465DECLARE_ASN1_FUNCTIONS(POLICYINFO)
466DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
467DECLARE_ASN1_FUNCTIONS(USERNOTICE)
468DECLARE_ASN1_FUNCTIONS(NOTICEREF)
469
470DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
471DECLARE_ASN1_FUNCTIONS(DIST_POINT)
472DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
473
474DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
475DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
476
477#ifdef HEADER_CONF_H
478GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
479void X509V3_conf_free(CONF_VALUE *val);
480
481X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
482X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
483int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
484int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
485int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
486int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
487
488X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
489X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
490int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
491int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
492int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
493
494int X509V3_add_value_bool_nf(char *name, int asn1_bool,
495 STACK_OF(CONF_VALUE) **extlist);
496int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
497int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
498void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
499void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
500#endif
501
502char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
503STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
504void X509V3_string_free(X509V3_CTX *ctx, char *str);
505void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
506void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
507 X509_REQ *req, X509_CRL *crl, int flags);
508
509int X509V3_add_value(const char *name, const char *value,
510 STACK_OF(CONF_VALUE) **extlist);
511int X509V3_add_value_uchar(const char *name, const unsigned char *value,
512 STACK_OF(CONF_VALUE) **extlist);
513int X509V3_add_value_bool(const char *name, int asn1_bool,
514 STACK_OF(CONF_VALUE) **extlist);
515int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
516 STACK_OF(CONF_VALUE) **extlist);
517char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
518ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
519char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
520char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
521int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
522int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
523int X509V3_EXT_add_alias(int nid_to, int nid_from);
524void X509V3_EXT_cleanup(void);
525
526X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
527X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
528int X509V3_add_standard_extensions(void);
529STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
530void *X509V3_EXT_d2i(X509_EXTENSION *ext);
531void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
532
533
534X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
535int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
536
537char *hex_to_string(unsigned char *buffer, long len);
538unsigned char *string_to_hex(char *str, long *len);
539int name_cmp(const char *name, const char *cmp);
540
541void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
542 int ml);
543int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
544int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
545
546int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
547
548int X509_check_ca(X509 *x);
549int X509_check_purpose(X509 *x, int id, int ca);
550int X509_supported_extension(X509_EXTENSION *ex);
551int X509_PURPOSE_set(int *p, int purpose);
552int X509_check_issued(X509 *issuer, X509 *subject);
553int X509_PURPOSE_get_count(void);
554X509_PURPOSE * X509_PURPOSE_get0(int idx);
555int X509_PURPOSE_get_by_sname(char *sname);
556int X509_PURPOSE_get_by_id(int id);
557int X509_PURPOSE_add(int id, int trust, int flags,
558 int (*ck)(const X509_PURPOSE *, const X509 *, int),
559 char *name, char *sname, void *arg);
560char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
561char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
562int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
563void X509_PURPOSE_cleanup(void);
564int X509_PURPOSE_get_id(X509_PURPOSE *);
565
566STACK *X509_get1_email(X509 *x);
567STACK *X509_REQ_get1_email(X509_REQ *x);
568void X509_email_free(STACK *sk);
569
570
571/* BEGIN ERROR CODES */
572/* The following lines are auto generated by the script mkerr.pl. Any changes
573 * made after this point may be overwritten when the script is next run.
574 */
575void ERR_load_X509V3_strings(void);
576
577/* Error codes for the X509V3 functions. */
578
579/* Function codes. */
580#define X509V3_F_COPY_EMAIL 122
581#define X509V3_F_COPY_ISSUER 123
582#define X509V3_F_DO_EXT_CONF 124
583#define X509V3_F_DO_EXT_I2D 135
584#define X509V3_F_HEX_TO_STRING 111
585#define X509V3_F_I2S_ASN1_ENUMERATED 121
586#define X509V3_F_I2S_ASN1_IA5STRING 142
587#define X509V3_F_I2S_ASN1_INTEGER 120
588#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
589#define X509V3_F_NOTICE_SECTION 132
590#define X509V3_F_NREF_NOS 133
591#define X509V3_F_POLICY_SECTION 131
592#define X509V3_F_R2I_CERTPOL 130
593#define X509V3_F_R2I_PCI 142
594#define X509V3_F_S2I_ASN1_IA5STRING 100
595#define X509V3_F_S2I_ASN1_INTEGER 108
596#define X509V3_F_S2I_ASN1_OCTET_STRING 112
597#define X509V3_F_S2I_ASN1_SKEY_ID 114
598#define X509V3_F_S2I_S2I_SKEY_ID 115
599#define X509V3_F_STRING_TO_HEX 113
600#define X509V3_F_SXNET_ADD_ASC 125
601#define X509V3_F_SXNET_ADD_ID_INTEGER 126
602#define X509V3_F_SXNET_ADD_ID_ULONG 127
603#define X509V3_F_SXNET_GET_ID_ASC 128
604#define X509V3_F_SXNET_GET_ID_ULONG 129
605#define X509V3_F_V2I_ACCESS_DESCRIPTION 139
606#define X509V3_F_V2I_ASN1_BIT_STRING 101
607#define X509V3_F_V2I_AUTHORITY_KEYID 119
608#define X509V3_F_V2I_BASIC_CONSTRAINTS 102
609#define X509V3_F_V2I_CRLD 134
610#define X509V3_F_V2I_EXT_KU 103
611#define X509V3_F_V2I_GENERAL_NAME 117
612#define X509V3_F_V2I_GENERAL_NAMES 118
613#define X509V3_F_V3_GENERIC_EXTENSION 116
614#define X509V3_F_X509V3_ADD_I2D 140
615#define X509V3_F_X509V3_ADD_VALUE 105
616#define X509V3_F_X509V3_EXT_ADD 104
617#define X509V3_F_X509V3_EXT_ADD_ALIAS 106
618#define X509V3_F_X509V3_EXT_CONF 107
619#define X509V3_F_X509V3_EXT_I2D 136
620#define X509V3_F_X509V3_GET_VALUE_BOOL 110
621#define X509V3_F_X509V3_PARSE_LIST 109
622#define X509V3_F_X509_PURPOSE_ADD 137
623#define X509V3_F_X509_PURPOSE_SET 141
624
625/* Reason codes. */
626#define X509V3_R_BAD_IP_ADDRESS 118
627#define X509V3_R_BAD_OBJECT 119
628#define X509V3_R_BN_DEC2BN_ERROR 100
629#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
630#define X509V3_R_DUPLICATE_ZONE_ID 133
631#define X509V3_R_ERROR_CONVERTING_ZONE 131
632#define X509V3_R_ERROR_CREATING_EXTENSION 144
633#define X509V3_R_ERROR_IN_EXTENSION 128
634#define X509V3_R_EXPECTED_A_SECTION_NAME 137
635#define X509V3_R_EXTENSION_EXISTS 145
636#define X509V3_R_EXTENSION_NAME_ERROR 115
637#define X509V3_R_EXTENSION_NOT_FOUND 102
638#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103
639#define X509V3_R_EXTENSION_VALUE_ERROR 116
640#define X509V3_R_ILLEGAL_HEX_DIGIT 113
641#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 153
642#define X509V3_R_INVALID_BOOLEAN_STRING 104
643#define X509V3_R_INVALID_EXTENSION_STRING 105
644#define X509V3_R_INVALID_NAME 106
645#define X509V3_R_INVALID_NULL_ARGUMENT 107
646#define X509V3_R_INVALID_NULL_NAME 108
647#define X509V3_R_INVALID_NULL_VALUE 109
648#define X509V3_R_INVALID_NUMBER 140
649#define X509V3_R_INVALID_NUMBERS 141
650#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
651#define X509V3_R_INVALID_OPTION 138
652#define X509V3_R_INVALID_POLICY_IDENTIFIER 134
653#define X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER 147
654#define X509V3_R_INVALID_PROXY_POLICY_SETTING 151
655#define X509V3_R_INVALID_PURPOSE 146
656#define X509V3_R_INVALID_SECTION 135
657#define X509V3_R_INVALID_SYNTAX 143
658#define X509V3_R_ISSUER_DECODE_ERROR 126
659#define X509V3_R_MISSING_VALUE 124
660#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142
661#define X509V3_R_NO_CONFIG_DATABASE 136
662#define X509V3_R_NO_ISSUER_CERTIFICATE 121
663#define X509V3_R_NO_ISSUER_DETAILS 127
664#define X509V3_R_NO_POLICY_IDENTIFIER 139
665#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 148
666#define X509V3_R_NO_PUBLIC_KEY 114
667#define X509V3_R_NO_SUBJECT_DETAILS 125
668#define X509V3_R_ODD_NUMBER_OF_DIGITS 112
669#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 149
670#define X509V3_R_POLICY_PATH_LENGTH 152
671#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 150
672#define X509V3_R_POLICY_SYNTAX_NOT 154
673#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 155
674#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 156
675#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122
676#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123
677#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111
678#define X509V3_R_UNKNOWN_EXTENSION 129
679#define X509V3_R_UNKNOWN_EXTENSION_NAME 130
680#define X509V3_R_UNKNOWN_OPTION 120
681#define X509V3_R_UNSUPPORTED_OPTION 117
682#define X509V3_R_USER_TOO_LONG 132
683
684#ifdef __cplusplus
685}
686#endif
687#endif