diff options
Diffstat (limited to 'src/lib/libcrypto/x509v3')
-rw-r--r-- | src/lib/libcrypto/x509v3/Makefile | 591 | ||||
-rw-r--r-- | src/lib/libcrypto/x509v3/pcy_tree.c | 3 | ||||
-rw-r--r-- | src/lib/libcrypto/x509v3/tabtest.c | 88 | ||||
-rw-r--r-- | src/lib/libcrypto/x509v3/v3_addr.c | 1287 | ||||
-rw-r--r-- | src/lib/libcrypto/x509v3/v3_alt.c | 4 | ||||
-rw-r--r-- | src/lib/libcrypto/x509v3/v3_asid.c | 844 | ||||
-rw-r--r-- | src/lib/libcrypto/x509v3/v3conf.c | 127 | ||||
-rw-r--r-- | src/lib/libcrypto/x509v3/v3prin.c | 99 |
8 files changed, 3040 insertions, 3 deletions
diff --git a/src/lib/libcrypto/x509v3/Makefile b/src/lib/libcrypto/x509v3/Makefile new file mode 100644 index 0000000000..556ef351bf --- /dev/null +++ b/src/lib/libcrypto/x509v3/Makefile | |||
@@ -0,0 +1,591 @@ | |||
1 | # | ||
2 | # OpenSSL/crypto/x509v3/Makefile | ||
3 | # | ||
4 | |||
5 | DIR= x509v3 | ||
6 | TOP= ../.. | ||
7 | CC= cc | ||
8 | INCLUDES= -I.. -I$(TOP) -I../../include | ||
9 | CFLAG=-g | ||
10 | MAKEFILE= Makefile | ||
11 | AR= ar r | ||
12 | |||
13 | CFLAGS= $(INCLUDES) $(CFLAG) | ||
14 | |||
15 | GENERAL=Makefile README | ||
16 | TEST= | ||
17 | APPS= | ||
18 | |||
19 | LIB=$(TOP)/libcrypto.a | ||
20 | LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \ | ||
21 | v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \ | ||
22 | v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ | ||
23 | v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \ | ||
24 | pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \ | ||
25 | v3_asid.c v3_addr.c | ||
26 | LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ | ||
27 | v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ | ||
28 | v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ | ||
29 | v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o v3_pcia.o v3_pci.o \ | ||
30 | pcy_cache.o pcy_node.o pcy_data.o pcy_map.o pcy_tree.o pcy_lib.o \ | ||
31 | v3_asid.o v3_addr.o | ||
32 | |||
33 | SRC= $(LIBSRC) | ||
34 | |||
35 | EXHEADER= x509v3.h | ||
36 | HEADER= $(EXHEADER) pcy_int.h | ||
37 | |||
38 | ALL= $(GENERAL) $(SRC) $(HEADER) | ||
39 | |||
40 | top: | ||
41 | (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) | ||
42 | |||
43 | all: lib | ||
44 | |||
45 | lib: $(LIBOBJ) | ||
46 | $(AR) $(LIB) $(LIBOBJ) | ||
47 | $(RANLIB) $(LIB) || echo Never mind. | ||
48 | @touch lib | ||
49 | |||
50 | files: | ||
51 | $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO | ||
52 | |||
53 | links: | ||
54 | @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) | ||
55 | @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) | ||
56 | @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) | ||
57 | |||
58 | install: | ||
59 | @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... | ||
60 | @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ | ||
61 | do \ | ||
62 | (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ | ||
63 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ | ||
64 | done; | ||
65 | |||
66 | tags: | ||
67 | ctags $(SRC) | ||
68 | |||
69 | tests: | ||
70 | |||
71 | lint: | ||
72 | lint -DLINT $(INCLUDES) $(SRC)>fluff | ||
73 | |||
74 | depend: | ||
75 | @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... | ||
76 | $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) | ||
77 | |||
78 | dclean: | ||
79 | $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new | ||
80 | mv -f Makefile.new $(MAKEFILE) | ||
81 | |||
82 | clean: | ||
83 | rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff | ||
84 | |||
85 | # DO NOT DELETE THIS LINE -- make depend depends on it. | ||
86 | |||
87 | pcy_cache.o: ../../e_os.h ../../include/openssl/asn1.h | ||
88 | pcy_cache.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | ||
89 | pcy_cache.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
90 | pcy_cache.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
91 | pcy_cache.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
92 | pcy_cache.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
93 | pcy_cache.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
94 | pcy_cache.o: ../../include/openssl/objects.h | ||
95 | pcy_cache.o: ../../include/openssl/opensslconf.h | ||
96 | pcy_cache.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
97 | pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
98 | pcy_cache.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
99 | pcy_cache.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
100 | pcy_cache.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
101 | pcy_cache.o: ../cryptlib.h pcy_cache.c pcy_int.h | ||
102 | pcy_data.o: ../../e_os.h ../../include/openssl/asn1.h | ||
103 | pcy_data.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | ||
104 | pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
105 | pcy_data.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
106 | pcy_data.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
107 | pcy_data.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
108 | pcy_data.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
109 | pcy_data.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
110 | pcy_data.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
111 | pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
112 | pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
113 | pcy_data.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
114 | pcy_data.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
115 | pcy_data.o: ../cryptlib.h pcy_data.c pcy_int.h | ||
116 | pcy_lib.o: ../../e_os.h ../../include/openssl/asn1.h | ||
117 | pcy_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | ||
118 | pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
119 | pcy_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
120 | pcy_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
121 | pcy_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
122 | pcy_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
123 | pcy_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
124 | pcy_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
125 | pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
126 | pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
127 | pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
128 | pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
129 | pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c | ||
130 | pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h | ||
131 | pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | ||
132 | pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
133 | pcy_map.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
134 | pcy_map.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
135 | pcy_map.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
136 | pcy_map.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
137 | pcy_map.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
138 | pcy_map.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
139 | pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
140 | pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
141 | pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
142 | pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
143 | pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c | ||
144 | pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h | ||
145 | pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
146 | pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
147 | pcy_node.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
148 | pcy_node.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h | ||
149 | pcy_node.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
150 | pcy_node.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
151 | pcy_node.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
152 | pcy_node.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
153 | pcy_node.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
154 | pcy_node.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
155 | pcy_node.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
156 | pcy_node.o: pcy_int.h pcy_node.c | ||
157 | pcy_tree.o: ../../e_os.h ../../include/openssl/asn1.h | ||
158 | pcy_tree.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | ||
159 | pcy_tree.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
160 | pcy_tree.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
161 | pcy_tree.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
162 | pcy_tree.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
163 | pcy_tree.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
164 | pcy_tree.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
165 | pcy_tree.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
166 | pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
167 | pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
168 | pcy_tree.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
169 | pcy_tree.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
170 | pcy_tree.o: ../cryptlib.h pcy_int.h pcy_tree.c | ||
171 | v3_addr.o: ../../e_os.h ../../include/openssl/asn1.h | ||
172 | v3_addr.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
173 | v3_addr.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
174 | v3_addr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
175 | v3_addr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
176 | v3_addr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
177 | v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
178 | v3_addr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
179 | v3_addr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
180 | v3_addr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
181 | v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
182 | v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
183 | v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
184 | v3_addr.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_addr.c | ||
185 | v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h | ||
186 | v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
187 | v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
188 | v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
189 | v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
190 | v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
191 | v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
192 | v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
193 | v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
194 | v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
195 | v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
196 | v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
197 | v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
198 | v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c | ||
199 | v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h | ||
200 | v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
201 | v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
202 | v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
203 | v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
204 | v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
205 | v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
206 | v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
207 | v3_akeya.o: ../../include/openssl/opensslconf.h | ||
208 | v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
209 | v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
210 | v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
211 | v3_akeya.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
212 | v3_akeya.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
213 | v3_akeya.o: ../cryptlib.h v3_akeya.c | ||
214 | v3_alt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h | ||
215 | v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
216 | v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
217 | v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
218 | v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
219 | v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
220 | v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
221 | v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
222 | v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
223 | v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
224 | v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
225 | v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
226 | v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c | ||
227 | v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h | ||
228 | v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
229 | v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h | ||
230 | v3_asid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
231 | v3_asid.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
232 | v3_asid.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
233 | v3_asid.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
234 | v3_asid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
235 | v3_asid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
236 | v3_asid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
237 | v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
238 | v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
239 | v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
240 | v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
241 | v3_asid.o: ../cryptlib.h v3_asid.c | ||
242 | v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h | ||
243 | v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
244 | v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
245 | v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
246 | v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
247 | v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
248 | v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
249 | v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
250 | v3_bcons.o: ../../include/openssl/opensslconf.h | ||
251 | v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
252 | v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
253 | v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
254 | v3_bcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
255 | v3_bcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
256 | v3_bcons.o: ../cryptlib.h v3_bcons.c | ||
257 | v3_bitst.o: ../../e_os.h ../../include/openssl/asn1.h | ||
258 | v3_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | ||
259 | v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
260 | v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
261 | v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
262 | v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
263 | v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
264 | v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
265 | v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
266 | v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
267 | v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
268 | v3_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
269 | v3_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
270 | v3_bitst.o: ../cryptlib.h v3_bitst.c | ||
271 | v3_conf.o: ../../e_os.h ../../include/openssl/asn1.h | ||
272 | v3_conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | ||
273 | v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
274 | v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
275 | v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
276 | v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
277 | v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
278 | v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
279 | v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
280 | v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
281 | v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
282 | v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
283 | v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
284 | v3_conf.o: ../cryptlib.h v3_conf.c | ||
285 | v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h | ||
286 | v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
287 | v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
288 | v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
289 | v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
290 | v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
291 | v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
292 | v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
293 | v3_cpols.o: ../../include/openssl/opensslconf.h | ||
294 | v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
295 | v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
296 | v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
297 | v3_cpols.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
298 | v3_cpols.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
299 | v3_cpols.o: ../cryptlib.h pcy_int.h v3_cpols.c | ||
300 | v3_crld.o: ../../e_os.h ../../include/openssl/asn1.h | ||
301 | v3_crld.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
302 | v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
303 | v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
304 | v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
305 | v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
306 | v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
307 | v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
308 | v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
309 | v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
310 | v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
311 | v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
312 | v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
313 | v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c | ||
314 | v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h | ||
315 | v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | ||
316 | v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
317 | v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
318 | v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
319 | v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
320 | v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
321 | v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
322 | v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
323 | v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
324 | v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
325 | v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
326 | v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
327 | v3_enum.o: ../cryptlib.h v3_enum.c | ||
328 | v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h | ||
329 | v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
330 | v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
331 | v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
332 | v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
333 | v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
334 | v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
335 | v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
336 | v3_extku.o: ../../include/openssl/opensslconf.h | ||
337 | v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
338 | v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
339 | v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
340 | v3_extku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
341 | v3_extku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
342 | v3_extku.o: ../cryptlib.h v3_extku.c | ||
343 | v3_genn.o: ../../e_os.h ../../include/openssl/asn1.h | ||
344 | v3_genn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
345 | v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
346 | v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
347 | v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
348 | v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
349 | v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
350 | v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
351 | v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
352 | v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
353 | v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
354 | v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
355 | v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
356 | v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c | ||
357 | v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h | ||
358 | v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
359 | v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
360 | v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
361 | v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
362 | v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
363 | v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
364 | v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
365 | v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
366 | v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
367 | v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
368 | v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
369 | v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c | ||
370 | v3_info.o: ../../e_os.h ../../include/openssl/asn1.h | ||
371 | v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
372 | v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
373 | v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
374 | v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
375 | v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
376 | v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
377 | v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
378 | v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
379 | v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
380 | v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
381 | v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
382 | v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
383 | v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c | ||
384 | v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h | ||
385 | v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
386 | v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
387 | v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
388 | v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
389 | v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
390 | v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
391 | v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
392 | v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
393 | v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
394 | v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
395 | v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
396 | v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c | ||
397 | v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h | ||
398 | v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
399 | v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
400 | v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
401 | v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
402 | v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
403 | v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
404 | v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
405 | v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
406 | v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
407 | v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
408 | v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
409 | v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c | ||
410 | v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h | ||
411 | v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
412 | v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
413 | v3_ncons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
414 | v3_ncons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
415 | v3_ncons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
416 | v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
417 | v3_ncons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
418 | v3_ncons.o: ../../include/openssl/opensslconf.h | ||
419 | v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
420 | v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
421 | v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
422 | v3_ncons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
423 | v3_ncons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
424 | v3_ncons.o: ../cryptlib.h v3_ncons.c | ||
425 | v3_ocsp.o: ../../e_os.h ../../include/openssl/asn1.h | ||
426 | v3_ocsp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | ||
427 | v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
428 | v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
429 | v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
430 | v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
431 | v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
432 | v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h | ||
433 | v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
434 | v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
435 | v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
436 | v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
437 | v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
438 | v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c | ||
439 | v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h | ||
440 | v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
441 | v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
442 | v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
443 | v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
444 | v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
445 | v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
446 | v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
447 | v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
448 | v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
449 | v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
450 | v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
451 | v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c | ||
452 | v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h | ||
453 | v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | ||
454 | v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
455 | v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
456 | v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
457 | v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
458 | v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
459 | v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
460 | v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
461 | v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
462 | v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
463 | v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
464 | v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c | ||
465 | v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h | ||
466 | v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
467 | v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
468 | v3_pcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
469 | v3_pcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
470 | v3_pcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
471 | v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
472 | v3_pcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
473 | v3_pcons.o: ../../include/openssl/opensslconf.h | ||
474 | v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
475 | v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
476 | v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
477 | v3_pcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
478 | v3_pcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
479 | v3_pcons.o: ../cryptlib.h v3_pcons.c | ||
480 | v3_pku.o: ../../e_os.h ../../include/openssl/asn1.h | ||
481 | v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
482 | v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
483 | v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
484 | v3_pku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
485 | v3_pku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
486 | v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
487 | v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
488 | v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
489 | v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
490 | v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
491 | v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
492 | v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
493 | v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c | ||
494 | v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h | ||
495 | v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
496 | v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
497 | v3_pmaps.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
498 | v3_pmaps.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
499 | v3_pmaps.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
500 | v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
501 | v3_pmaps.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
502 | v3_pmaps.o: ../../include/openssl/opensslconf.h | ||
503 | v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
504 | v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
505 | v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
506 | v3_pmaps.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
507 | v3_pmaps.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
508 | v3_pmaps.o: ../cryptlib.h v3_pmaps.c | ||
509 | v3_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h | ||
510 | v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
511 | v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
512 | v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
513 | v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
514 | v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
515 | v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
516 | v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
517 | v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
518 | v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
519 | v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
520 | v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
521 | v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c | ||
522 | v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h | ||
523 | v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | ||
524 | v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
525 | v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
526 | v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
527 | v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
528 | v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
529 | v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
530 | v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
531 | v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
532 | v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
533 | v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
534 | v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
535 | v3_purp.o: ../cryptlib.h v3_purp.c | ||
536 | v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h | ||
537 | v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | ||
538 | v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
539 | v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
540 | v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
541 | v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
542 | v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
543 | v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
544 | v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
545 | v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
546 | v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
547 | v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
548 | v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
549 | v3_skey.o: ../cryptlib.h v3_skey.c | ||
550 | v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h | ||
551 | v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
552 | v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
553 | v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
554 | v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
555 | v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
556 | v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
557 | v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
558 | v3_sxnet.o: ../../include/openssl/opensslconf.h | ||
559 | v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
560 | v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
561 | v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
562 | v3_sxnet.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
563 | v3_sxnet.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
564 | v3_sxnet.o: ../cryptlib.h v3_sxnet.c | ||
565 | v3_utl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h | ||
566 | v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h | ||
567 | v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h | ||
568 | v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
569 | v3_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
570 | v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
571 | v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
572 | v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
573 | v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
574 | v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
575 | v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
576 | v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
577 | v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h | ||
578 | v3_utl.o: ../cryptlib.h v3_utl.c | ||
579 | v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h | ||
580 | v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||
581 | v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||
582 | v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h | ||
583 | v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h | ||
584 | v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
585 | v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
586 | v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
587 | v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
588 | v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
589 | v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
590 | v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
591 | v3err.o: ../../include/openssl/x509v3.h v3err.c | ||
diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c index bb9777348f..92f6b24556 100644 --- a/src/lib/libcrypto/x509v3/pcy_tree.c +++ b/src/lib/libcrypto/x509v3/pcy_tree.c | |||
@@ -341,8 +341,9 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, | |||
341 | const X509_POLICY_CACHE *cache) | 341 | const X509_POLICY_CACHE *cache) |
342 | { | 342 | { |
343 | int i; | 343 | int i; |
344 | X509_POLICY_LEVEL *last; | ||
344 | X509_POLICY_DATA *data; | 345 | X509_POLICY_DATA *data; |
345 | 346 | last = curr - 1; | |
346 | for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) | 347 | for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) |
347 | { | 348 | { |
348 | data = sk_X509_POLICY_DATA_value(cache->data, i); | 349 | data = sk_X509_POLICY_DATA_value(cache->data, i); |
diff --git a/src/lib/libcrypto/x509v3/tabtest.c b/src/lib/libcrypto/x509v3/tabtest.c new file mode 100644 index 0000000000..5ed6eb6891 --- /dev/null +++ b/src/lib/libcrypto/x509v3/tabtest.c | |||
@@ -0,0 +1,88 @@ | |||
1 | /* tabtest.c */ | ||
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
3 | * project 1999. | ||
4 | */ | ||
5 | /* ==================================================================== | ||
6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
7 | * | ||
8 | * Redistribution and use in source and binary forms, with or without | ||
9 | * modification, are permitted provided that the following conditions | ||
10 | * are met: | ||
11 | * | ||
12 | * 1. Redistributions of source code must retain the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer. | ||
14 | * | ||
15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
16 | * notice, this list of conditions and the following disclaimer in | ||
17 | * the documentation and/or other materials provided with the | ||
18 | * distribution. | ||
19 | * | ||
20 | * 3. All advertising materials mentioning features or use of this | ||
21 | * software must display the following acknowledgment: | ||
22 | * "This product includes software developed by the OpenSSL Project | ||
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
24 | * | ||
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
26 | * endorse or promote products derived from this software without | ||
27 | * prior written permission. For written permission, please contact | ||
28 | * licensing@OpenSSL.org. | ||
29 | * | ||
30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
31 | * nor may "OpenSSL" appear in their names without prior written | ||
32 | * permission of the OpenSSL Project. | ||
33 | * | ||
34 | * 6. Redistributions of any form whatsoever must retain the following | ||
35 | * acknowledgment: | ||
36 | * "This product includes software developed by the OpenSSL Project | ||
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
38 | * | ||
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
51 | * ==================================================================== | ||
52 | * | ||
53 | * This product includes cryptographic software written by Eric Young | ||
54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
55 | * Hudson (tjh@cryptsoft.com). | ||
56 | * | ||
57 | */ | ||
58 | |||
59 | /* Simple program to check the ext_dat.h is correct and print out | ||
60 | * problems if it is not. | ||
61 | */ | ||
62 | |||
63 | #include <stdio.h> | ||
64 | |||
65 | #include <openssl/x509v3.h> | ||
66 | |||
67 | #include "ext_dat.h" | ||
68 | |||
69 | main() | ||
70 | { | ||
71 | int i, prev = -1, bad = 0; | ||
72 | X509V3_EXT_METHOD **tmp; | ||
73 | i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *); | ||
74 | if(i != STANDARD_EXTENSION_COUNT) | ||
75 | fprintf(stderr, "Extension number invalid expecting %d\n", i); | ||
76 | tmp = standard_exts; | ||
77 | for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) { | ||
78 | if((*tmp)->ext_nid < prev) bad = 1; | ||
79 | prev = (*tmp)->ext_nid; | ||
80 | |||
81 | } | ||
82 | if(bad) { | ||
83 | tmp = standard_exts; | ||
84 | fprintf(stderr, "Extensions out of order!\n"); | ||
85 | for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) | ||
86 | printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid)); | ||
87 | } else fprintf(stderr, "Order OK\n"); | ||
88 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c new file mode 100644 index 0000000000..9087d66e0a --- /dev/null +++ b/src/lib/libcrypto/x509v3/v3_addr.c | |||
@@ -0,0 +1,1287 @@ | |||
1 | /* | ||
2 | * Contributed to the OpenSSL Project by the American Registry for | ||
3 | * Internet Numbers ("ARIN"). | ||
4 | */ | ||
5 | /* ==================================================================== | ||
6 | * Copyright (c) 2006 The OpenSSL Project. All rights reserved. | ||
7 | * | ||
8 | * Redistribution and use in source and binary forms, with or without | ||
9 | * modification, are permitted provided that the following conditions | ||
10 | * are met: | ||
11 | * | ||
12 | * 1. Redistributions of source code must retain the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer. | ||
14 | * | ||
15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
16 | * notice, this list of conditions and the following disclaimer in | ||
17 | * the documentation and/or other materials provided with the | ||
18 | * distribution. | ||
19 | * | ||
20 | * 3. All advertising materials mentioning features or use of this | ||
21 | * software must display the following acknowledgment: | ||
22 | * "This product includes software developed by the OpenSSL Project | ||
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
24 | * | ||
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
26 | * endorse or promote products derived from this software without | ||
27 | * prior written permission. For written permission, please contact | ||
28 | * licensing@OpenSSL.org. | ||
29 | * | ||
30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
31 | * nor may "OpenSSL" appear in their names without prior written | ||
32 | * permission of the OpenSSL Project. | ||
33 | * | ||
34 | * 6. Redistributions of any form whatsoever must retain the following | ||
35 | * acknowledgment: | ||
36 | * "This product includes software developed by the OpenSSL Project | ||
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
38 | * | ||
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
51 | * ==================================================================== | ||
52 | * | ||
53 | * This product includes cryptographic software written by Eric Young | ||
54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
55 | * Hudson (tjh@cryptsoft.com). | ||
56 | */ | ||
57 | |||
58 | /* | ||
59 | * Implementation of RFC 3779 section 2.2. | ||
60 | */ | ||
61 | |||
62 | #include <stdio.h> | ||
63 | #include <stdlib.h> | ||
64 | |||
65 | #include "cryptlib.h" | ||
66 | #include <openssl/conf.h> | ||
67 | #include <openssl/asn1.h> | ||
68 | #include <openssl/asn1t.h> | ||
69 | #include <openssl/buffer.h> | ||
70 | #include <openssl/x509v3.h> | ||
71 | |||
72 | #ifndef OPENSSL_NO_RFC3779 | ||
73 | |||
74 | /* | ||
75 | * OpenSSL ASN.1 template translation of RFC 3779 2.2.3. | ||
76 | */ | ||
77 | |||
78 | ASN1_SEQUENCE(IPAddressRange) = { | ||
79 | ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING), | ||
80 | ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING) | ||
81 | } ASN1_SEQUENCE_END(IPAddressRange) | ||
82 | |||
83 | ASN1_CHOICE(IPAddressOrRange) = { | ||
84 | ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING), | ||
85 | ASN1_SIMPLE(IPAddressOrRange, u.addressRange, IPAddressRange) | ||
86 | } ASN1_CHOICE_END(IPAddressOrRange) | ||
87 | |||
88 | ASN1_CHOICE(IPAddressChoice) = { | ||
89 | ASN1_SIMPLE(IPAddressChoice, u.inherit, ASN1_NULL), | ||
90 | ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange) | ||
91 | } ASN1_CHOICE_END(IPAddressChoice) | ||
92 | |||
93 | ASN1_SEQUENCE(IPAddressFamily) = { | ||
94 | ASN1_SIMPLE(IPAddressFamily, addressFamily, ASN1_OCTET_STRING), | ||
95 | ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice) | ||
96 | } ASN1_SEQUENCE_END(IPAddressFamily) | ||
97 | |||
98 | ASN1_ITEM_TEMPLATE(IPAddrBlocks) = | ||
99 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, | ||
100 | IPAddrBlocks, IPAddressFamily) | ||
101 | ASN1_ITEM_TEMPLATE_END(IPAddrBlocks) | ||
102 | |||
103 | IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange) | ||
104 | IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange) | ||
105 | IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice) | ||
106 | IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily) | ||
107 | |||
108 | /* | ||
109 | * How much buffer space do we need for a raw address? | ||
110 | */ | ||
111 | #define ADDR_RAW_BUF_LEN 16 | ||
112 | |||
113 | /* | ||
114 | * What's the address length associated with this AFI? | ||
115 | */ | ||
116 | static int length_from_afi(const unsigned afi) | ||
117 | { | ||
118 | switch (afi) { | ||
119 | case IANA_AFI_IPV4: | ||
120 | return 4; | ||
121 | case IANA_AFI_IPV6: | ||
122 | return 16; | ||
123 | default: | ||
124 | return 0; | ||
125 | } | ||
126 | } | ||
127 | |||
128 | /* | ||
129 | * Extract the AFI from an IPAddressFamily. | ||
130 | */ | ||
131 | unsigned int v3_addr_get_afi(const IPAddressFamily *f) | ||
132 | { | ||
133 | return ((f != NULL && | ||
134 | f->addressFamily != NULL && | ||
135 | f->addressFamily->data != NULL) | ||
136 | ? ((f->addressFamily->data[0] << 8) | | ||
137 | (f->addressFamily->data[1])) | ||
138 | : 0); | ||
139 | } | ||
140 | |||
141 | /* | ||
142 | * Expand the bitstring form of an address into a raw byte array. | ||
143 | * At the moment this is coded for simplicity, not speed. | ||
144 | */ | ||
145 | static void addr_expand(unsigned char *addr, | ||
146 | const ASN1_BIT_STRING *bs, | ||
147 | const int length, | ||
148 | const unsigned char fill) | ||
149 | { | ||
150 | OPENSSL_assert(bs->length >= 0 && bs->length <= length); | ||
151 | if (bs->length > 0) { | ||
152 | memcpy(addr, bs->data, bs->length); | ||
153 | if ((bs->flags & 7) != 0) { | ||
154 | unsigned char mask = 0xFF >> (8 - (bs->flags & 7)); | ||
155 | if (fill == 0) | ||
156 | addr[bs->length - 1] &= ~mask; | ||
157 | else | ||
158 | addr[bs->length - 1] |= mask; | ||
159 | } | ||
160 | } | ||
161 | memset(addr + bs->length, fill, length - bs->length); | ||
162 | } | ||
163 | |||
164 | /* | ||
165 | * Extract the prefix length from a bitstring. | ||
166 | */ | ||
167 | #define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) | ||
168 | |||
169 | /* | ||
170 | * i2r handler for one address bitstring. | ||
171 | */ | ||
172 | static int i2r_address(BIO *out, | ||
173 | const unsigned afi, | ||
174 | const unsigned char fill, | ||
175 | const ASN1_BIT_STRING *bs) | ||
176 | { | ||
177 | unsigned char addr[ADDR_RAW_BUF_LEN]; | ||
178 | int i, n; | ||
179 | |||
180 | switch (afi) { | ||
181 | case IANA_AFI_IPV4: | ||
182 | addr_expand(addr, bs, 4, fill); | ||
183 | BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); | ||
184 | break; | ||
185 | case IANA_AFI_IPV6: | ||
186 | addr_expand(addr, bs, 16, fill); | ||
187 | for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) | ||
188 | ; | ||
189 | for (i = 0; i < n; i += 2) | ||
190 | BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : "")); | ||
191 | if (i < 16) | ||
192 | BIO_puts(out, ":"); | ||
193 | if (i == 0) | ||
194 | BIO_puts(out, ":"); | ||
195 | break; | ||
196 | default: | ||
197 | for (i = 0; i < bs->length; i++) | ||
198 | BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]); | ||
199 | BIO_printf(out, "[%d]", (int) (bs->flags & 7)); | ||
200 | break; | ||
201 | } | ||
202 | return 1; | ||
203 | } | ||
204 | |||
205 | /* | ||
206 | * i2r handler for a sequence of addresses and ranges. | ||
207 | */ | ||
208 | static int i2r_IPAddressOrRanges(BIO *out, | ||
209 | const int indent, | ||
210 | const IPAddressOrRanges *aors, | ||
211 | const unsigned afi) | ||
212 | { | ||
213 | int i; | ||
214 | for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) { | ||
215 | const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i); | ||
216 | BIO_printf(out, "%*s", indent, ""); | ||
217 | switch (aor->type) { | ||
218 | case IPAddressOrRange_addressPrefix: | ||
219 | if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix)) | ||
220 | return 0; | ||
221 | BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix)); | ||
222 | continue; | ||
223 | case IPAddressOrRange_addressRange: | ||
224 | if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min)) | ||
225 | return 0; | ||
226 | BIO_puts(out, "-"); | ||
227 | if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max)) | ||
228 | return 0; | ||
229 | BIO_puts(out, "\n"); | ||
230 | continue; | ||
231 | } | ||
232 | } | ||
233 | return 1; | ||
234 | } | ||
235 | |||
236 | /* | ||
237 | * i2r handler for an IPAddrBlocks extension. | ||
238 | */ | ||
239 | static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, | ||
240 | void *ext, | ||
241 | BIO *out, | ||
242 | int indent) | ||
243 | { | ||
244 | const IPAddrBlocks *addr = ext; | ||
245 | int i; | ||
246 | for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { | ||
247 | IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); | ||
248 | const unsigned int afi = v3_addr_get_afi(f); | ||
249 | switch (afi) { | ||
250 | case IANA_AFI_IPV4: | ||
251 | BIO_printf(out, "%*sIPv4", indent, ""); | ||
252 | break; | ||
253 | case IANA_AFI_IPV6: | ||
254 | BIO_printf(out, "%*sIPv6", indent, ""); | ||
255 | break; | ||
256 | default: | ||
257 | BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi); | ||
258 | break; | ||
259 | } | ||
260 | if (f->addressFamily->length > 2) { | ||
261 | switch (f->addressFamily->data[2]) { | ||
262 | case 1: | ||
263 | BIO_puts(out, " (Unicast)"); | ||
264 | break; | ||
265 | case 2: | ||
266 | BIO_puts(out, " (Multicast)"); | ||
267 | break; | ||
268 | case 3: | ||
269 | BIO_puts(out, " (Unicast/Multicast)"); | ||
270 | break; | ||
271 | case 4: | ||
272 | BIO_puts(out, " (MPLS)"); | ||
273 | break; | ||
274 | case 64: | ||
275 | BIO_puts(out, " (Tunnel)"); | ||
276 | break; | ||
277 | case 65: | ||
278 | BIO_puts(out, " (VPLS)"); | ||
279 | break; | ||
280 | case 66: | ||
281 | BIO_puts(out, " (BGP MDT)"); | ||
282 | break; | ||
283 | case 128: | ||
284 | BIO_puts(out, " (MPLS-labeled VPN)"); | ||
285 | break; | ||
286 | default: | ||
287 | BIO_printf(out, " (Unknown SAFI %u)", | ||
288 | (unsigned) f->addressFamily->data[2]); | ||
289 | break; | ||
290 | } | ||
291 | } | ||
292 | switch (f->ipAddressChoice->type) { | ||
293 | case IPAddressChoice_inherit: | ||
294 | BIO_puts(out, ": inherit\n"); | ||
295 | break; | ||
296 | case IPAddressChoice_addressesOrRanges: | ||
297 | BIO_puts(out, ":\n"); | ||
298 | if (!i2r_IPAddressOrRanges(out, | ||
299 | indent + 2, | ||
300 | f->ipAddressChoice->u.addressesOrRanges, | ||
301 | afi)) | ||
302 | return 0; | ||
303 | break; | ||
304 | } | ||
305 | } | ||
306 | return 1; | ||
307 | } | ||
308 | |||
309 | /* | ||
310 | * Sort comparison function for a sequence of IPAddressOrRange | ||
311 | * elements. | ||
312 | */ | ||
313 | static int IPAddressOrRange_cmp(const IPAddressOrRange *a, | ||
314 | const IPAddressOrRange *b, | ||
315 | const int length) | ||
316 | { | ||
317 | unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; | ||
318 | int prefixlen_a = 0, prefixlen_b = 0; | ||
319 | int r; | ||
320 | |||
321 | switch (a->type) { | ||
322 | case IPAddressOrRange_addressPrefix: | ||
323 | addr_expand(addr_a, a->u.addressPrefix, length, 0x00); | ||
324 | prefixlen_a = addr_prefixlen(a->u.addressPrefix); | ||
325 | break; | ||
326 | case IPAddressOrRange_addressRange: | ||
327 | addr_expand(addr_a, a->u.addressRange->min, length, 0x00); | ||
328 | prefixlen_a = length * 8; | ||
329 | break; | ||
330 | } | ||
331 | |||
332 | switch (b->type) { | ||
333 | case IPAddressOrRange_addressPrefix: | ||
334 | addr_expand(addr_b, b->u.addressPrefix, length, 0x00); | ||
335 | prefixlen_b = addr_prefixlen(b->u.addressPrefix); | ||
336 | break; | ||
337 | case IPAddressOrRange_addressRange: | ||
338 | addr_expand(addr_b, b->u.addressRange->min, length, 0x00); | ||
339 | prefixlen_b = length * 8; | ||
340 | break; | ||
341 | } | ||
342 | |||
343 | if ((r = memcmp(addr_a, addr_b, length)) != 0) | ||
344 | return r; | ||
345 | else | ||
346 | return prefixlen_a - prefixlen_b; | ||
347 | } | ||
348 | |||
349 | /* | ||
350 | * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort() | ||
351 | * comparision routines are only allowed two arguments. | ||
352 | */ | ||
353 | static int v4IPAddressOrRange_cmp(const IPAddressOrRange * const *a, | ||
354 | const IPAddressOrRange * const *b) | ||
355 | { | ||
356 | return IPAddressOrRange_cmp(*a, *b, 4); | ||
357 | } | ||
358 | |||
359 | /* | ||
360 | * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort() | ||
361 | * comparision routines are only allowed two arguments. | ||
362 | */ | ||
363 | static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a, | ||
364 | const IPAddressOrRange * const *b) | ||
365 | { | ||
366 | return IPAddressOrRange_cmp(*a, *b, 16); | ||
367 | } | ||
368 | |||
369 | /* | ||
370 | * Calculate whether a range collapses to a prefix. | ||
371 | * See last paragraph of RFC 3779 2.2.3.7. | ||
372 | */ | ||
373 | static int range_should_be_prefix(const unsigned char *min, | ||
374 | const unsigned char *max, | ||
375 | const int length) | ||
376 | { | ||
377 | unsigned char mask; | ||
378 | int i, j; | ||
379 | |||
380 | for (i = 0; i < length && min[i] == max[i]; i++) | ||
381 | ; | ||
382 | for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) | ||
383 | ; | ||
384 | if (i < j) | ||
385 | return -1; | ||
386 | if (i > j) | ||
387 | return i * 8; | ||
388 | mask = min[i] ^ max[i]; | ||
389 | switch (mask) { | ||
390 | case 0x01: j = 7; break; | ||
391 | case 0x03: j = 6; break; | ||
392 | case 0x07: j = 5; break; | ||
393 | case 0x0F: j = 4; break; | ||
394 | case 0x1F: j = 3; break; | ||
395 | case 0x3F: j = 2; break; | ||
396 | case 0x7F: j = 1; break; | ||
397 | default: return -1; | ||
398 | } | ||
399 | if ((min[i] & mask) != 0 || (max[i] & mask) != mask) | ||
400 | return -1; | ||
401 | else | ||
402 | return i * 8 + j; | ||
403 | } | ||
404 | |||
405 | /* | ||
406 | * Construct a prefix. | ||
407 | */ | ||
408 | static int make_addressPrefix(IPAddressOrRange **result, | ||
409 | unsigned char *addr, | ||
410 | const int prefixlen) | ||
411 | { | ||
412 | int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; | ||
413 | IPAddressOrRange *aor = IPAddressOrRange_new(); | ||
414 | |||
415 | if (aor == NULL) | ||
416 | return 0; | ||
417 | aor->type = IPAddressOrRange_addressPrefix; | ||
418 | if (aor->u.addressPrefix == NULL && | ||
419 | (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL) | ||
420 | goto err; | ||
421 | if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen)) | ||
422 | goto err; | ||
423 | aor->u.addressPrefix->flags &= ~7; | ||
424 | aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT; | ||
425 | if (bitlen > 0) { | ||
426 | aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen); | ||
427 | aor->u.addressPrefix->flags |= 8 - bitlen; | ||
428 | } | ||
429 | |||
430 | *result = aor; | ||
431 | return 1; | ||
432 | |||
433 | err: | ||
434 | IPAddressOrRange_free(aor); | ||
435 | return 0; | ||
436 | } | ||
437 | |||
438 | /* | ||
439 | * Construct a range. If it can be expressed as a prefix, | ||
440 | * return a prefix instead. Doing this here simplifies | ||
441 | * the rest of the code considerably. | ||
442 | */ | ||
443 | static int make_addressRange(IPAddressOrRange **result, | ||
444 | unsigned char *min, | ||
445 | unsigned char *max, | ||
446 | const int length) | ||
447 | { | ||
448 | IPAddressOrRange *aor; | ||
449 | int i, prefixlen; | ||
450 | |||
451 | if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0) | ||
452 | return make_addressPrefix(result, min, prefixlen); | ||
453 | |||
454 | if ((aor = IPAddressOrRange_new()) == NULL) | ||
455 | return 0; | ||
456 | aor->type = IPAddressOrRange_addressRange; | ||
457 | OPENSSL_assert(aor->u.addressRange == NULL); | ||
458 | if ((aor->u.addressRange = IPAddressRange_new()) == NULL) | ||
459 | goto err; | ||
460 | if (aor->u.addressRange->min == NULL && | ||
461 | (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL) | ||
462 | goto err; | ||
463 | if (aor->u.addressRange->max == NULL && | ||
464 | (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL) | ||
465 | goto err; | ||
466 | |||
467 | for (i = length; i > 0 && min[i - 1] == 0x00; --i) | ||
468 | ; | ||
469 | if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i)) | ||
470 | goto err; | ||
471 | aor->u.addressRange->min->flags &= ~7; | ||
472 | aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT; | ||
473 | if (i > 0) { | ||
474 | unsigned char b = min[i - 1]; | ||
475 | int j = 1; | ||
476 | while ((b & (0xFFU >> j)) != 0) | ||
477 | ++j; | ||
478 | aor->u.addressRange->min->flags |= 8 - j; | ||
479 | } | ||
480 | |||
481 | for (i = length; i > 0 && max[i - 1] == 0xFF; --i) | ||
482 | ; | ||
483 | if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i)) | ||
484 | goto err; | ||
485 | aor->u.addressRange->max->flags &= ~7; | ||
486 | aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT; | ||
487 | if (i > 0) { | ||
488 | unsigned char b = max[i - 1]; | ||
489 | int j = 1; | ||
490 | while ((b & (0xFFU >> j)) != (0xFFU >> j)) | ||
491 | ++j; | ||
492 | aor->u.addressRange->max->flags |= 8 - j; | ||
493 | } | ||
494 | |||
495 | *result = aor; | ||
496 | return 1; | ||
497 | |||
498 | err: | ||
499 | IPAddressOrRange_free(aor); | ||
500 | return 0; | ||
501 | } | ||
502 | |||
503 | /* | ||
504 | * Construct a new address family or find an existing one. | ||
505 | */ | ||
506 | static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, | ||
507 | const unsigned afi, | ||
508 | const unsigned *safi) | ||
509 | { | ||
510 | IPAddressFamily *f; | ||
511 | unsigned char key[3]; | ||
512 | unsigned keylen; | ||
513 | int i; | ||
514 | |||
515 | key[0] = (afi >> 8) & 0xFF; | ||
516 | key[1] = afi & 0xFF; | ||
517 | if (safi != NULL) { | ||
518 | key[2] = *safi & 0xFF; | ||
519 | keylen = 3; | ||
520 | } else { | ||
521 | keylen = 2; | ||
522 | } | ||
523 | |||
524 | for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { | ||
525 | f = sk_IPAddressFamily_value(addr, i); | ||
526 | OPENSSL_assert(f->addressFamily->data != NULL); | ||
527 | if (f->addressFamily->length == keylen && | ||
528 | !memcmp(f->addressFamily->data, key, keylen)) | ||
529 | return f; | ||
530 | } | ||
531 | |||
532 | if ((f = IPAddressFamily_new()) == NULL) | ||
533 | goto err; | ||
534 | if (f->ipAddressChoice == NULL && | ||
535 | (f->ipAddressChoice = IPAddressChoice_new()) == NULL) | ||
536 | goto err; | ||
537 | if (f->addressFamily == NULL && | ||
538 | (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL) | ||
539 | goto err; | ||
540 | if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen)) | ||
541 | goto err; | ||
542 | if (!sk_IPAddressFamily_push(addr, f)) | ||
543 | goto err; | ||
544 | |||
545 | return f; | ||
546 | |||
547 | err: | ||
548 | IPAddressFamily_free(f); | ||
549 | return NULL; | ||
550 | } | ||
551 | |||
552 | /* | ||
553 | * Add an inheritance element. | ||
554 | */ | ||
555 | int v3_addr_add_inherit(IPAddrBlocks *addr, | ||
556 | const unsigned afi, | ||
557 | const unsigned *safi) | ||
558 | { | ||
559 | IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); | ||
560 | if (f == NULL || | ||
561 | f->ipAddressChoice == NULL || | ||
562 | (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && | ||
563 | f->ipAddressChoice->u.addressesOrRanges != NULL)) | ||
564 | return 0; | ||
565 | if (f->ipAddressChoice->type == IPAddressChoice_inherit && | ||
566 | f->ipAddressChoice->u.inherit != NULL) | ||
567 | return 1; | ||
568 | if (f->ipAddressChoice->u.inherit == NULL && | ||
569 | (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL) | ||
570 | return 0; | ||
571 | f->ipAddressChoice->type = IPAddressChoice_inherit; | ||
572 | return 1; | ||
573 | } | ||
574 | |||
575 | /* | ||
576 | * Construct an IPAddressOrRange sequence, or return an existing one. | ||
577 | */ | ||
578 | static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, | ||
579 | const unsigned afi, | ||
580 | const unsigned *safi) | ||
581 | { | ||
582 | IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); | ||
583 | IPAddressOrRanges *aors = NULL; | ||
584 | |||
585 | if (f == NULL || | ||
586 | f->ipAddressChoice == NULL || | ||
587 | (f->ipAddressChoice->type == IPAddressChoice_inherit && | ||
588 | f->ipAddressChoice->u.inherit != NULL)) | ||
589 | return NULL; | ||
590 | if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) | ||
591 | aors = f->ipAddressChoice->u.addressesOrRanges; | ||
592 | if (aors != NULL) | ||
593 | return aors; | ||
594 | if ((aors = sk_IPAddressOrRange_new_null()) == NULL) | ||
595 | return NULL; | ||
596 | switch (afi) { | ||
597 | case IANA_AFI_IPV4: | ||
598 | sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); | ||
599 | break; | ||
600 | case IANA_AFI_IPV6: | ||
601 | sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); | ||
602 | break; | ||
603 | } | ||
604 | f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; | ||
605 | f->ipAddressChoice->u.addressesOrRanges = aors; | ||
606 | return aors; | ||
607 | } | ||
608 | |||
609 | /* | ||
610 | * Add a prefix. | ||
611 | */ | ||
612 | int v3_addr_add_prefix(IPAddrBlocks *addr, | ||
613 | const unsigned afi, | ||
614 | const unsigned *safi, | ||
615 | unsigned char *a, | ||
616 | const int prefixlen) | ||
617 | { | ||
618 | IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); | ||
619 | IPAddressOrRange *aor; | ||
620 | if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen)) | ||
621 | return 0; | ||
622 | if (sk_IPAddressOrRange_push(aors, aor)) | ||
623 | return 1; | ||
624 | IPAddressOrRange_free(aor); | ||
625 | return 0; | ||
626 | } | ||
627 | |||
628 | /* | ||
629 | * Add a range. | ||
630 | */ | ||
631 | int v3_addr_add_range(IPAddrBlocks *addr, | ||
632 | const unsigned afi, | ||
633 | const unsigned *safi, | ||
634 | unsigned char *min, | ||
635 | unsigned char *max) | ||
636 | { | ||
637 | IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); | ||
638 | IPAddressOrRange *aor; | ||
639 | int length = length_from_afi(afi); | ||
640 | if (aors == NULL) | ||
641 | return 0; | ||
642 | if (!make_addressRange(&aor, min, max, length)) | ||
643 | return 0; | ||
644 | if (sk_IPAddressOrRange_push(aors, aor)) | ||
645 | return 1; | ||
646 | IPAddressOrRange_free(aor); | ||
647 | return 0; | ||
648 | } | ||
649 | |||
650 | /* | ||
651 | * Extract min and max values from an IPAddressOrRange. | ||
652 | */ | ||
653 | static void extract_min_max(IPAddressOrRange *aor, | ||
654 | unsigned char *min, | ||
655 | unsigned char *max, | ||
656 | int length) | ||
657 | { | ||
658 | OPENSSL_assert(aor != NULL && min != NULL && max != NULL); | ||
659 | switch (aor->type) { | ||
660 | case IPAddressOrRange_addressPrefix: | ||
661 | addr_expand(min, aor->u.addressPrefix, length, 0x00); | ||
662 | addr_expand(max, aor->u.addressPrefix, length, 0xFF); | ||
663 | return; | ||
664 | case IPAddressOrRange_addressRange: | ||
665 | addr_expand(min, aor->u.addressRange->min, length, 0x00); | ||
666 | addr_expand(max, aor->u.addressRange->max, length, 0xFF); | ||
667 | return; | ||
668 | } | ||
669 | } | ||
670 | |||
671 | /* | ||
672 | * Public wrapper for extract_min_max(). | ||
673 | */ | ||
674 | int v3_addr_get_range(IPAddressOrRange *aor, | ||
675 | const unsigned afi, | ||
676 | unsigned char *min, | ||
677 | unsigned char *max, | ||
678 | const int length) | ||
679 | { | ||
680 | int afi_length = length_from_afi(afi); | ||
681 | if (aor == NULL || min == NULL || max == NULL || | ||
682 | afi_length == 0 || length < afi_length || | ||
683 | (aor->type != IPAddressOrRange_addressPrefix && | ||
684 | aor->type != IPAddressOrRange_addressRange)) | ||
685 | return 0; | ||
686 | extract_min_max(aor, min, max, afi_length); | ||
687 | return afi_length; | ||
688 | } | ||
689 | |||
690 | /* | ||
691 | * Sort comparision function for a sequence of IPAddressFamily. | ||
692 | * | ||
693 | * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about | ||
694 | * the ordering: I can read it as meaning that IPv6 without a SAFI | ||
695 | * comes before IPv4 with a SAFI, which seems pretty weird. The | ||
696 | * examples in appendix B suggest that the author intended the | ||
697 | * null-SAFI rule to apply only within a single AFI, which is what I | ||
698 | * would have expected and is what the following code implements. | ||
699 | */ | ||
700 | static int IPAddressFamily_cmp(const IPAddressFamily * const *a_, | ||
701 | const IPAddressFamily * const *b_) | ||
702 | { | ||
703 | const ASN1_OCTET_STRING *a = (*a_)->addressFamily; | ||
704 | const ASN1_OCTET_STRING *b = (*b_)->addressFamily; | ||
705 | int len = ((a->length <= b->length) ? a->length : b->length); | ||
706 | int cmp = memcmp(a->data, b->data, len); | ||
707 | return cmp ? cmp : a->length - b->length; | ||
708 | } | ||
709 | |||
710 | /* | ||
711 | * Check whether an IPAddrBLocks is in canonical form. | ||
712 | */ | ||
713 | int v3_addr_is_canonical(IPAddrBlocks *addr) | ||
714 | { | ||
715 | unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; | ||
716 | unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; | ||
717 | IPAddressOrRanges *aors; | ||
718 | int i, j, k; | ||
719 | |||
720 | /* | ||
721 | * Empty extension is cannonical. | ||
722 | */ | ||
723 | if (addr == NULL) | ||
724 | return 1; | ||
725 | |||
726 | /* | ||
727 | * Check whether the top-level list is in order. | ||
728 | */ | ||
729 | for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) { | ||
730 | const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i); | ||
731 | const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1); | ||
732 | if (IPAddressFamily_cmp(&a, &b) >= 0) | ||
733 | return 0; | ||
734 | } | ||
735 | |||
736 | /* | ||
737 | * Top level's ok, now check each address family. | ||
738 | */ | ||
739 | for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { | ||
740 | IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); | ||
741 | int length = length_from_afi(v3_addr_get_afi(f)); | ||
742 | |||
743 | /* | ||
744 | * Inheritance is canonical. Anything other than inheritance or | ||
745 | * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something. | ||
746 | */ | ||
747 | if (f == NULL || f->ipAddressChoice == NULL) | ||
748 | return 0; | ||
749 | switch (f->ipAddressChoice->type) { | ||
750 | case IPAddressChoice_inherit: | ||
751 | continue; | ||
752 | case IPAddressChoice_addressesOrRanges: | ||
753 | break; | ||
754 | default: | ||
755 | return 0; | ||
756 | } | ||
757 | |||
758 | /* | ||
759 | * It's an IPAddressOrRanges sequence, check it. | ||
760 | */ | ||
761 | aors = f->ipAddressChoice->u.addressesOrRanges; | ||
762 | if (sk_IPAddressOrRange_num(aors) == 0) | ||
763 | return 0; | ||
764 | for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) { | ||
765 | IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); | ||
766 | IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1); | ||
767 | |||
768 | extract_min_max(a, a_min, a_max, length); | ||
769 | extract_min_max(b, b_min, b_max, length); | ||
770 | |||
771 | /* | ||
772 | * Punt misordered list, overlapping start, or inverted range. | ||
773 | */ | ||
774 | if (memcmp(a_min, b_min, length) >= 0 || | ||
775 | memcmp(a_min, a_max, length) > 0 || | ||
776 | memcmp(b_min, b_max, length) > 0) | ||
777 | return 0; | ||
778 | |||
779 | /* | ||
780 | * Punt if adjacent or overlapping. Check for adjacency by | ||
781 | * subtracting one from b_min first. | ||
782 | */ | ||
783 | for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) | ||
784 | ; | ||
785 | if (memcmp(a_max, b_min, length) >= 0) | ||
786 | return 0; | ||
787 | |||
788 | /* | ||
789 | * Check for range that should be expressed as a prefix. | ||
790 | */ | ||
791 | if (a->type == IPAddressOrRange_addressRange && | ||
792 | range_should_be_prefix(a_min, a_max, length) >= 0) | ||
793 | return 0; | ||
794 | } | ||
795 | |||
796 | /* | ||
797 | * Check final range to see if it should be a prefix. | ||
798 | */ | ||
799 | j = sk_IPAddressOrRange_num(aors) - 1; | ||
800 | { | ||
801 | IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); | ||
802 | if (a->type == IPAddressOrRange_addressRange) { | ||
803 | extract_min_max(a, a_min, a_max, length); | ||
804 | if (range_should_be_prefix(a_min, a_max, length) >= 0) | ||
805 | return 0; | ||
806 | } | ||
807 | } | ||
808 | } | ||
809 | |||
810 | /* | ||
811 | * If we made it through all that, we're happy. | ||
812 | */ | ||
813 | return 1; | ||
814 | } | ||
815 | |||
816 | /* | ||
817 | * Whack an IPAddressOrRanges into canonical form. | ||
818 | */ | ||
819 | static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, | ||
820 | const unsigned afi) | ||
821 | { | ||
822 | int i, j, length = length_from_afi(afi); | ||
823 | |||
824 | /* | ||
825 | * Sort the IPAddressOrRanges sequence. | ||
826 | */ | ||
827 | sk_IPAddressOrRange_sort(aors); | ||
828 | |||
829 | /* | ||
830 | * Clean up representation issues, punt on duplicates or overlaps. | ||
831 | */ | ||
832 | for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) { | ||
833 | IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i); | ||
834 | IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1); | ||
835 | unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; | ||
836 | unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; | ||
837 | |||
838 | extract_min_max(a, a_min, a_max, length); | ||
839 | extract_min_max(b, b_min, b_max, length); | ||
840 | |||
841 | /* | ||
842 | * Punt overlaps. | ||
843 | */ | ||
844 | if (memcmp(a_max, b_min, length) >= 0) | ||
845 | return 0; | ||
846 | |||
847 | /* | ||
848 | * Merge if a and b are adjacent. We check for | ||
849 | * adjacency by subtracting one from b_min first. | ||
850 | */ | ||
851 | for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) | ||
852 | ; | ||
853 | if (memcmp(a_max, b_min, length) == 0) { | ||
854 | IPAddressOrRange *merged; | ||
855 | if (!make_addressRange(&merged, a_min, b_max, length)) | ||
856 | return 0; | ||
857 | sk_IPAddressOrRange_set(aors, i, merged); | ||
858 | sk_IPAddressOrRange_delete(aors, i + 1); | ||
859 | IPAddressOrRange_free(a); | ||
860 | IPAddressOrRange_free(b); | ||
861 | --i; | ||
862 | continue; | ||
863 | } | ||
864 | } | ||
865 | |||
866 | return 1; | ||
867 | } | ||
868 | |||
869 | /* | ||
870 | * Whack an IPAddrBlocks extension into canonical form. | ||
871 | */ | ||
872 | int v3_addr_canonize(IPAddrBlocks *addr) | ||
873 | { | ||
874 | int i; | ||
875 | for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { | ||
876 | IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); | ||
877 | if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && | ||
878 | !IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges, | ||
879 | v3_addr_get_afi(f))) | ||
880 | return 0; | ||
881 | } | ||
882 | sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); | ||
883 | sk_IPAddressFamily_sort(addr); | ||
884 | OPENSSL_assert(v3_addr_is_canonical(addr)); | ||
885 | return 1; | ||
886 | } | ||
887 | |||
888 | /* | ||
889 | * v2i handler for the IPAddrBlocks extension. | ||
890 | */ | ||
891 | static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, | ||
892 | struct v3_ext_ctx *ctx, | ||
893 | STACK_OF(CONF_VALUE) *values) | ||
894 | { | ||
895 | static const char v4addr_chars[] = "0123456789."; | ||
896 | static const char v6addr_chars[] = "0123456789.:abcdefABCDEF"; | ||
897 | IPAddrBlocks *addr = NULL; | ||
898 | char *s = NULL, *t; | ||
899 | int i; | ||
900 | |||
901 | if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) { | ||
902 | X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); | ||
903 | return NULL; | ||
904 | } | ||
905 | |||
906 | for (i = 0; i < sk_CONF_VALUE_num(values); i++) { | ||
907 | CONF_VALUE *val = sk_CONF_VALUE_value(values, i); | ||
908 | unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN]; | ||
909 | unsigned afi, *safi = NULL, safi_; | ||
910 | const char *addr_chars; | ||
911 | int prefixlen, i1, i2, delim, length; | ||
912 | |||
913 | if ( !name_cmp(val->name, "IPv4")) { | ||
914 | afi = IANA_AFI_IPV4; | ||
915 | } else if (!name_cmp(val->name, "IPv6")) { | ||
916 | afi = IANA_AFI_IPV6; | ||
917 | } else if (!name_cmp(val->name, "IPv4-SAFI")) { | ||
918 | afi = IANA_AFI_IPV4; | ||
919 | safi = &safi_; | ||
920 | } else if (!name_cmp(val->name, "IPv6-SAFI")) { | ||
921 | afi = IANA_AFI_IPV6; | ||
922 | safi = &safi_; | ||
923 | } else { | ||
924 | X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_NAME_ERROR); | ||
925 | X509V3_conf_err(val); | ||
926 | goto err; | ||
927 | } | ||
928 | |||
929 | switch (afi) { | ||
930 | case IANA_AFI_IPV4: | ||
931 | addr_chars = v4addr_chars; | ||
932 | break; | ||
933 | case IANA_AFI_IPV6: | ||
934 | addr_chars = v6addr_chars; | ||
935 | break; | ||
936 | } | ||
937 | |||
938 | length = length_from_afi(afi); | ||
939 | |||
940 | /* | ||
941 | * Handle SAFI, if any, and BUF_strdup() so we can null-terminate | ||
942 | * the other input values. | ||
943 | */ | ||
944 | if (safi != NULL) { | ||
945 | *safi = strtoul(val->value, &t, 0); | ||
946 | t += strspn(t, " \t"); | ||
947 | if (*safi > 0xFF || *t++ != ':') { | ||
948 | X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI); | ||
949 | X509V3_conf_err(val); | ||
950 | goto err; | ||
951 | } | ||
952 | t += strspn(t, " \t"); | ||
953 | s = BUF_strdup(t); | ||
954 | } else { | ||
955 | s = BUF_strdup(val->value); | ||
956 | } | ||
957 | if (s == NULL) { | ||
958 | X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); | ||
959 | goto err; | ||
960 | } | ||
961 | |||
962 | /* | ||
963 | * Check for inheritance. Not worth additional complexity to | ||
964 | * optimize this (seldom-used) case. | ||
965 | */ | ||
966 | if (!strcmp(s, "inherit")) { | ||
967 | if (!v3_addr_add_inherit(addr, afi, safi)) { | ||
968 | X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE); | ||
969 | X509V3_conf_err(val); | ||
970 | goto err; | ||
971 | } | ||
972 | OPENSSL_free(s); | ||
973 | s = NULL; | ||
974 | continue; | ||
975 | } | ||
976 | |||
977 | i1 = strspn(s, addr_chars); | ||
978 | i2 = i1 + strspn(s + i1, " \t"); | ||
979 | delim = s[i2++]; | ||
980 | s[i1] = '\0'; | ||
981 | |||
982 | if (a2i_ipadd(min, s) != length) { | ||
983 | X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS); | ||
984 | X509V3_conf_err(val); | ||
985 | goto err; | ||
986 | } | ||
987 | |||
988 | switch (delim) { | ||
989 | case '/': | ||
990 | prefixlen = (int) strtoul(s + i2, &t, 10); | ||
991 | if (t == s + i2 || *t != '\0') { | ||
992 | X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR); | ||
993 | X509V3_conf_err(val); | ||
994 | goto err; | ||
995 | } | ||
996 | if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { | ||
997 | X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); | ||
998 | goto err; | ||
999 | } | ||
1000 | break; | ||
1001 | case '-': | ||
1002 | i1 = i2 + strspn(s + i2, " \t"); | ||
1003 | i2 = i1 + strspn(s + i1, addr_chars); | ||
1004 | if (i1 == i2 || s[i2] != '\0') { | ||
1005 | X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR); | ||
1006 | X509V3_conf_err(val); | ||
1007 | goto err; | ||
1008 | } | ||
1009 | if (a2i_ipadd(max, s + i1) != length) { | ||
1010 | X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS); | ||
1011 | X509V3_conf_err(val); | ||
1012 | goto err; | ||
1013 | } | ||
1014 | if (!v3_addr_add_range(addr, afi, safi, min, max)) { | ||
1015 | X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); | ||
1016 | goto err; | ||
1017 | } | ||
1018 | break; | ||
1019 | case '\0': | ||
1020 | if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { | ||
1021 | X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); | ||
1022 | goto err; | ||
1023 | } | ||
1024 | break; | ||
1025 | default: | ||
1026 | X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR); | ||
1027 | X509V3_conf_err(val); | ||
1028 | goto err; | ||
1029 | } | ||
1030 | |||
1031 | OPENSSL_free(s); | ||
1032 | s = NULL; | ||
1033 | } | ||
1034 | |||
1035 | /* | ||
1036 | * Canonize the result, then we're done. | ||
1037 | */ | ||
1038 | if (!v3_addr_canonize(addr)) | ||
1039 | goto err; | ||
1040 | return addr; | ||
1041 | |||
1042 | err: | ||
1043 | OPENSSL_free(s); | ||
1044 | sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); | ||
1045 | return NULL; | ||
1046 | } | ||
1047 | |||
1048 | /* | ||
1049 | * OpenSSL dispatch | ||
1050 | */ | ||
1051 | const X509V3_EXT_METHOD v3_addr = { | ||
1052 | NID_sbgp_ipAddrBlock, /* nid */ | ||
1053 | 0, /* flags */ | ||
1054 | ASN1_ITEM_ref(IPAddrBlocks), /* template */ | ||
1055 | 0, 0, 0, 0, /* old functions, ignored */ | ||
1056 | 0, /* i2s */ | ||
1057 | 0, /* s2i */ | ||
1058 | 0, /* i2v */ | ||
1059 | v2i_IPAddrBlocks, /* v2i */ | ||
1060 | i2r_IPAddrBlocks, /* i2r */ | ||
1061 | 0, /* r2i */ | ||
1062 | NULL /* extension-specific data */ | ||
1063 | }; | ||
1064 | |||
1065 | /* | ||
1066 | * Figure out whether extension sues inheritance. | ||
1067 | */ | ||
1068 | int v3_addr_inherits(IPAddrBlocks *addr) | ||
1069 | { | ||
1070 | int i; | ||
1071 | if (addr == NULL) | ||
1072 | return 0; | ||
1073 | for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { | ||
1074 | IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); | ||
1075 | if (f->ipAddressChoice->type == IPAddressChoice_inherit) | ||
1076 | return 1; | ||
1077 | } | ||
1078 | return 0; | ||
1079 | } | ||
1080 | |||
1081 | /* | ||
1082 | * Figure out whether parent contains child. | ||
1083 | */ | ||
1084 | static int addr_contains(IPAddressOrRanges *parent, | ||
1085 | IPAddressOrRanges *child, | ||
1086 | int length) | ||
1087 | { | ||
1088 | unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN]; | ||
1089 | unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN]; | ||
1090 | int p, c; | ||
1091 | |||
1092 | if (child == NULL || parent == child) | ||
1093 | return 1; | ||
1094 | if (parent == NULL) | ||
1095 | return 0; | ||
1096 | |||
1097 | p = 0; | ||
1098 | for (c = 0; c < sk_IPAddressOrRange_num(child); c++) { | ||
1099 | extract_min_max(sk_IPAddressOrRange_value(child, c), | ||
1100 | c_min, c_max, length); | ||
1101 | for (;; p++) { | ||
1102 | if (p >= sk_IPAddressOrRange_num(parent)) | ||
1103 | return 0; | ||
1104 | extract_min_max(sk_IPAddressOrRange_value(parent, p), | ||
1105 | p_min, p_max, length); | ||
1106 | if (memcmp(p_max, c_max, length) < 0) | ||
1107 | continue; | ||
1108 | if (memcmp(p_min, c_min, length) > 0) | ||
1109 | return 0; | ||
1110 | break; | ||
1111 | } | ||
1112 | } | ||
1113 | |||
1114 | return 1; | ||
1115 | } | ||
1116 | |||
1117 | /* | ||
1118 | * Test whether a is a subset of b. | ||
1119 | */ | ||
1120 | int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) | ||
1121 | { | ||
1122 | int i; | ||
1123 | if (a == NULL || a == b) | ||
1124 | return 1; | ||
1125 | if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) | ||
1126 | return 0; | ||
1127 | sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); | ||
1128 | for (i = 0; i < sk_IPAddressFamily_num(a); i++) { | ||
1129 | IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); | ||
1130 | int j = sk_IPAddressFamily_find(b, fa); | ||
1131 | IPAddressFamily *fb; | ||
1132 | fb = sk_IPAddressFamily_value(b, j); | ||
1133 | if (fb == NULL) | ||
1134 | return 0; | ||
1135 | if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, | ||
1136 | fa->ipAddressChoice->u.addressesOrRanges, | ||
1137 | length_from_afi(v3_addr_get_afi(fb)))) | ||
1138 | return 0; | ||
1139 | } | ||
1140 | return 1; | ||
1141 | } | ||
1142 | |||
1143 | /* | ||
1144 | * Validation error handling via callback. | ||
1145 | */ | ||
1146 | #define validation_err(_err_) \ | ||
1147 | do { \ | ||
1148 | if (ctx != NULL) { \ | ||
1149 | ctx->error = _err_; \ | ||
1150 | ctx->error_depth = i; \ | ||
1151 | ctx->current_cert = x; \ | ||
1152 | ret = ctx->verify_cb(0, ctx); \ | ||
1153 | } else { \ | ||
1154 | ret = 0; \ | ||
1155 | } \ | ||
1156 | if (!ret) \ | ||
1157 | goto done; \ | ||
1158 | } while (0) | ||
1159 | |||
1160 | /* | ||
1161 | * Core code for RFC 3779 2.3 path validation. | ||
1162 | */ | ||
1163 | static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | ||
1164 | STACK_OF(X509) *chain, | ||
1165 | IPAddrBlocks *ext) | ||
1166 | { | ||
1167 | IPAddrBlocks *child = NULL; | ||
1168 | int i, j, ret = 1; | ||
1169 | X509 *x; | ||
1170 | |||
1171 | OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); | ||
1172 | OPENSSL_assert(ctx != NULL || ext != NULL); | ||
1173 | OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); | ||
1174 | |||
1175 | /* | ||
1176 | * Figure out where to start. If we don't have an extension to | ||
1177 | * check, we're done. Otherwise, check canonical form and | ||
1178 | * set up for walking up the chain. | ||
1179 | */ | ||
1180 | if (ext != NULL) { | ||
1181 | i = -1; | ||
1182 | x = NULL; | ||
1183 | } else { | ||
1184 | i = 0; | ||
1185 | x = sk_X509_value(chain, i); | ||
1186 | OPENSSL_assert(x != NULL); | ||
1187 | if ((ext = x->rfc3779_addr) == NULL) | ||
1188 | goto done; | ||
1189 | } | ||
1190 | if (!v3_addr_is_canonical(ext)) | ||
1191 | validation_err(X509_V_ERR_INVALID_EXTENSION); | ||
1192 | sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); | ||
1193 | if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { | ||
1194 | X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); | ||
1195 | ret = 0; | ||
1196 | goto done; | ||
1197 | } | ||
1198 | |||
1199 | /* | ||
1200 | * Now walk up the chain. No cert may list resources that its | ||
1201 | * parent doesn't list. | ||
1202 | */ | ||
1203 | for (i++; i < sk_X509_num(chain); i++) { | ||
1204 | x = sk_X509_value(chain, i); | ||
1205 | OPENSSL_assert(x != NULL); | ||
1206 | if (!v3_addr_is_canonical(x->rfc3779_addr)) | ||
1207 | validation_err(X509_V_ERR_INVALID_EXTENSION); | ||
1208 | if (x->rfc3779_addr == NULL) { | ||
1209 | for (j = 0; j < sk_IPAddressFamily_num(child); j++) { | ||
1210 | IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); | ||
1211 | if (fc->ipAddressChoice->type != IPAddressChoice_inherit) { | ||
1212 | validation_err(X509_V_ERR_UNNESTED_RESOURCE); | ||
1213 | break; | ||
1214 | } | ||
1215 | } | ||
1216 | continue; | ||
1217 | } | ||
1218 | sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); | ||
1219 | for (j = 0; j < sk_IPAddressFamily_num(child); j++) { | ||
1220 | IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); | ||
1221 | int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); | ||
1222 | IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k); | ||
1223 | if (fp == NULL) { | ||
1224 | if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) { | ||
1225 | validation_err(X509_V_ERR_UNNESTED_RESOURCE); | ||
1226 | break; | ||
1227 | } | ||
1228 | continue; | ||
1229 | } | ||
1230 | if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) { | ||
1231 | if (fc->ipAddressChoice->type == IPAddressChoice_inherit || | ||
1232 | addr_contains(fp->ipAddressChoice->u.addressesOrRanges, | ||
1233 | fc->ipAddressChoice->u.addressesOrRanges, | ||
1234 | length_from_afi(v3_addr_get_afi(fc)))) | ||
1235 | sk_IPAddressFamily_set(child, j, fp); | ||
1236 | else | ||
1237 | validation_err(X509_V_ERR_UNNESTED_RESOURCE); | ||
1238 | } | ||
1239 | } | ||
1240 | } | ||
1241 | |||
1242 | /* | ||
1243 | * Trust anchor can't inherit. | ||
1244 | */ | ||
1245 | OPENSSL_assert(x != NULL); | ||
1246 | if (x->rfc3779_addr != NULL) { | ||
1247 | for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { | ||
1248 | IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j); | ||
1249 | if (fp->ipAddressChoice->type == IPAddressChoice_inherit && | ||
1250 | sk_IPAddressFamily_find(child, fp) >= 0) | ||
1251 | validation_err(X509_V_ERR_UNNESTED_RESOURCE); | ||
1252 | } | ||
1253 | } | ||
1254 | |||
1255 | done: | ||
1256 | sk_IPAddressFamily_free(child); | ||
1257 | return ret; | ||
1258 | } | ||
1259 | |||
1260 | #undef validation_err | ||
1261 | |||
1262 | /* | ||
1263 | * RFC 3779 2.3 path validation -- called from X509_verify_cert(). | ||
1264 | */ | ||
1265 | int v3_addr_validate_path(X509_STORE_CTX *ctx) | ||
1266 | { | ||
1267 | return v3_addr_validate_path_internal(ctx, ctx->chain, NULL); | ||
1268 | } | ||
1269 | |||
1270 | /* | ||
1271 | * RFC 3779 2.3 path validation of an extension. | ||
1272 | * Test whether chain covers extension. | ||
1273 | */ | ||
1274 | int v3_addr_validate_resource_set(STACK_OF(X509) *chain, | ||
1275 | IPAddrBlocks *ext, | ||
1276 | int allow_inheritance) | ||
1277 | { | ||
1278 | if (ext == NULL) | ||
1279 | return 1; | ||
1280 | if (chain == NULL || sk_X509_num(chain) == 0) | ||
1281 | return 0; | ||
1282 | if (!allow_inheritance && v3_addr_inherits(ext)) | ||
1283 | return 0; | ||
1284 | return v3_addr_validate_path_internal(NULL, chain, ext); | ||
1285 | } | ||
1286 | |||
1287 | #endif /* OPENSSL_NO_RFC3779 */ | ||
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c index d29d94338e..91aefcddc1 100644 --- a/src/lib/libcrypto/x509v3/v3_alt.c +++ b/src/lib/libcrypto/x509v3/v3_alt.c | |||
@@ -153,9 +153,9 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, | |||
153 | BIO_snprintf(htmp, sizeof htmp, | 153 | BIO_snprintf(htmp, sizeof htmp, |
154 | "%X", p[0] << 8 | p[1]); | 154 | "%X", p[0] << 8 | p[1]); |
155 | p += 2; | 155 | p += 2; |
156 | strcat(oline, htmp); | 156 | strlcat(oline, htmp, sizeof(oline)); |
157 | if (i != 7) | 157 | if (i != 7) |
158 | strcat(oline, ":"); | 158 | strlcat(oline, ":", sizeof(oline)); |
159 | } | 159 | } |
160 | } | 160 | } |
161 | else | 161 | else |
diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c new file mode 100644 index 0000000000..56702f86b9 --- /dev/null +++ b/src/lib/libcrypto/x509v3/v3_asid.c | |||
@@ -0,0 +1,844 @@ | |||
1 | /* | ||
2 | * Contributed to the OpenSSL Project by the American Registry for | ||
3 | * Internet Numbers ("ARIN"). | ||
4 | */ | ||
5 | /* ==================================================================== | ||
6 | * Copyright (c) 2006 The OpenSSL Project. All rights reserved. | ||
7 | * | ||
8 | * Redistribution and use in source and binary forms, with or without | ||
9 | * modification, are permitted provided that the following conditions | ||
10 | * are met: | ||
11 | * | ||
12 | * 1. Redistributions of source code must retain the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer. | ||
14 | * | ||
15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
16 | * notice, this list of conditions and the following disclaimer in | ||
17 | * the documentation and/or other materials provided with the | ||
18 | * distribution. | ||
19 | * | ||
20 | * 3. All advertising materials mentioning features or use of this | ||
21 | * software must display the following acknowledgment: | ||
22 | * "This product includes software developed by the OpenSSL Project | ||
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
24 | * | ||
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
26 | * endorse or promote products derived from this software without | ||
27 | * prior written permission. For written permission, please contact | ||
28 | * licensing@OpenSSL.org. | ||
29 | * | ||
30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
31 | * nor may "OpenSSL" appear in their names without prior written | ||
32 | * permission of the OpenSSL Project. | ||
33 | * | ||
34 | * 6. Redistributions of any form whatsoever must retain the following | ||
35 | * acknowledgment: | ||
36 | * "This product includes software developed by the OpenSSL Project | ||
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
38 | * | ||
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
51 | * ==================================================================== | ||
52 | * | ||
53 | * This product includes cryptographic software written by Eric Young | ||
54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
55 | * Hudson (tjh@cryptsoft.com). | ||
56 | */ | ||
57 | |||
58 | /* | ||
59 | * Implementation of RFC 3779 section 3.2. | ||
60 | */ | ||
61 | |||
62 | #include <stdio.h> | ||
63 | #include <string.h> | ||
64 | #include <assert.h> | ||
65 | #include "cryptlib.h" | ||
66 | #include <openssl/conf.h> | ||
67 | #include <openssl/asn1.h> | ||
68 | #include <openssl/asn1t.h> | ||
69 | #include <openssl/x509v3.h> | ||
70 | #include <openssl/x509.h> | ||
71 | #include <openssl/bn.h> | ||
72 | |||
73 | #ifndef OPENSSL_NO_RFC3779 | ||
74 | |||
75 | /* | ||
76 | * OpenSSL ASN.1 template translation of RFC 3779 3.2.3. | ||
77 | */ | ||
78 | |||
79 | ASN1_SEQUENCE(ASRange) = { | ||
80 | ASN1_SIMPLE(ASRange, min, ASN1_INTEGER), | ||
81 | ASN1_SIMPLE(ASRange, max, ASN1_INTEGER) | ||
82 | } ASN1_SEQUENCE_END(ASRange) | ||
83 | |||
84 | ASN1_CHOICE(ASIdOrRange) = { | ||
85 | ASN1_SIMPLE(ASIdOrRange, u.id, ASN1_INTEGER), | ||
86 | ASN1_SIMPLE(ASIdOrRange, u.range, ASRange) | ||
87 | } ASN1_CHOICE_END(ASIdOrRange) | ||
88 | |||
89 | ASN1_CHOICE(ASIdentifierChoice) = { | ||
90 | ASN1_SIMPLE(ASIdentifierChoice, u.inherit, ASN1_NULL), | ||
91 | ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange) | ||
92 | } ASN1_CHOICE_END(ASIdentifierChoice) | ||
93 | |||
94 | ASN1_SEQUENCE(ASIdentifiers) = { | ||
95 | ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0), | ||
96 | ASN1_EXP_OPT(ASIdentifiers, rdi, ASIdentifierChoice, 1) | ||
97 | } ASN1_SEQUENCE_END(ASIdentifiers) | ||
98 | |||
99 | IMPLEMENT_ASN1_FUNCTIONS(ASRange) | ||
100 | IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange) | ||
101 | IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice) | ||
102 | IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers) | ||
103 | |||
104 | /* | ||
105 | * i2r method for an ASIdentifierChoice. | ||
106 | */ | ||
107 | static int i2r_ASIdentifierChoice(BIO *out, | ||
108 | ASIdentifierChoice *choice, | ||
109 | int indent, | ||
110 | const char *msg) | ||
111 | { | ||
112 | int i; | ||
113 | char *s; | ||
114 | if (choice == NULL) | ||
115 | return 1; | ||
116 | BIO_printf(out, "%*s%s:\n", indent, "", msg); | ||
117 | switch (choice->type) { | ||
118 | case ASIdentifierChoice_inherit: | ||
119 | BIO_printf(out, "%*sinherit\n", indent + 2, ""); | ||
120 | break; | ||
121 | case ASIdentifierChoice_asIdsOrRanges: | ||
122 | for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) { | ||
123 | ASIdOrRange *aor = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); | ||
124 | switch (aor->type) { | ||
125 | case ASIdOrRange_id: | ||
126 | if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL) | ||
127 | return 0; | ||
128 | BIO_printf(out, "%*s%s\n", indent + 2, "", s); | ||
129 | OPENSSL_free(s); | ||
130 | break; | ||
131 | case ASIdOrRange_range: | ||
132 | if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL) | ||
133 | return 0; | ||
134 | BIO_printf(out, "%*s%s-", indent + 2, "", s); | ||
135 | OPENSSL_free(s); | ||
136 | if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL) | ||
137 | return 0; | ||
138 | BIO_printf(out, "%s\n", s); | ||
139 | OPENSSL_free(s); | ||
140 | break; | ||
141 | default: | ||
142 | return 0; | ||
143 | } | ||
144 | } | ||
145 | break; | ||
146 | default: | ||
147 | return 0; | ||
148 | } | ||
149 | return 1; | ||
150 | } | ||
151 | |||
152 | /* | ||
153 | * i2r method for an ASIdentifier extension. | ||
154 | */ | ||
155 | static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method, | ||
156 | void *ext, | ||
157 | BIO *out, | ||
158 | int indent) | ||
159 | { | ||
160 | ASIdentifiers *asid = ext; | ||
161 | return (i2r_ASIdentifierChoice(out, asid->asnum, indent, | ||
162 | "Autonomous System Numbers") && | ||
163 | i2r_ASIdentifierChoice(out, asid->rdi, indent, | ||
164 | "Routing Domain Identifiers")); | ||
165 | } | ||
166 | |||
167 | /* | ||
168 | * Sort comparision function for a sequence of ASIdOrRange elements. | ||
169 | */ | ||
170 | static int ASIdOrRange_cmp(const ASIdOrRange * const *a_, | ||
171 | const ASIdOrRange * const *b_) | ||
172 | { | ||
173 | const ASIdOrRange *a = *a_, *b = *b_; | ||
174 | |||
175 | assert((a->type == ASIdOrRange_id && a->u.id != NULL) || | ||
176 | (a->type == ASIdOrRange_range && a->u.range != NULL && | ||
177 | a->u.range->min != NULL && a->u.range->max != NULL)); | ||
178 | |||
179 | assert((b->type == ASIdOrRange_id && b->u.id != NULL) || | ||
180 | (b->type == ASIdOrRange_range && b->u.range != NULL && | ||
181 | b->u.range->min != NULL && b->u.range->max != NULL)); | ||
182 | |||
183 | if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id) | ||
184 | return ASN1_INTEGER_cmp(a->u.id, b->u.id); | ||
185 | |||
186 | if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) { | ||
187 | int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min); | ||
188 | return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, b->u.range->max); | ||
189 | } | ||
190 | |||
191 | if (a->type == ASIdOrRange_id) | ||
192 | return ASN1_INTEGER_cmp(a->u.id, b->u.range->min); | ||
193 | else | ||
194 | return ASN1_INTEGER_cmp(a->u.range->min, b->u.id); | ||
195 | } | ||
196 | |||
197 | /* | ||
198 | * Add an inherit element. | ||
199 | */ | ||
200 | int v3_asid_add_inherit(ASIdentifiers *asid, int which) | ||
201 | { | ||
202 | ASIdentifierChoice **choice; | ||
203 | if (asid == NULL) | ||
204 | return 0; | ||
205 | switch (which) { | ||
206 | case V3_ASID_ASNUM: | ||
207 | choice = &asid->asnum; | ||
208 | break; | ||
209 | case V3_ASID_RDI: | ||
210 | choice = &asid->rdi; | ||
211 | break; | ||
212 | default: | ||
213 | return 0; | ||
214 | } | ||
215 | if (*choice == NULL) { | ||
216 | if ((*choice = ASIdentifierChoice_new()) == NULL) | ||
217 | return 0; | ||
218 | assert((*choice)->u.inherit == NULL); | ||
219 | if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) | ||
220 | return 0; | ||
221 | (*choice)->type = ASIdentifierChoice_inherit; | ||
222 | } | ||
223 | return (*choice)->type == ASIdentifierChoice_inherit; | ||
224 | } | ||
225 | |||
226 | /* | ||
227 | * Add an ID or range to an ASIdentifierChoice. | ||
228 | */ | ||
229 | int v3_asid_add_id_or_range(ASIdentifiers *asid, | ||
230 | int which, | ||
231 | ASN1_INTEGER *min, | ||
232 | ASN1_INTEGER *max) | ||
233 | { | ||
234 | ASIdentifierChoice **choice; | ||
235 | ASIdOrRange *aor; | ||
236 | if (asid == NULL) | ||
237 | return 0; | ||
238 | switch (which) { | ||
239 | case V3_ASID_ASNUM: | ||
240 | choice = &asid->asnum; | ||
241 | break; | ||
242 | case V3_ASID_RDI: | ||
243 | choice = &asid->rdi; | ||
244 | break; | ||
245 | default: | ||
246 | return 0; | ||
247 | } | ||
248 | if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit) | ||
249 | return 0; | ||
250 | if (*choice == NULL) { | ||
251 | if ((*choice = ASIdentifierChoice_new()) == NULL) | ||
252 | return 0; | ||
253 | assert((*choice)->u.asIdsOrRanges == NULL); | ||
254 | (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); | ||
255 | if ((*choice)->u.asIdsOrRanges == NULL) | ||
256 | return 0; | ||
257 | (*choice)->type = ASIdentifierChoice_asIdsOrRanges; | ||
258 | } | ||
259 | if ((aor = ASIdOrRange_new()) == NULL) | ||
260 | return 0; | ||
261 | if (max == NULL) { | ||
262 | aor->type = ASIdOrRange_id; | ||
263 | aor->u.id = min; | ||
264 | } else { | ||
265 | aor->type = ASIdOrRange_range; | ||
266 | if ((aor->u.range = ASRange_new()) == NULL) | ||
267 | goto err; | ||
268 | ASN1_INTEGER_free(aor->u.range->min); | ||
269 | aor->u.range->min = min; | ||
270 | ASN1_INTEGER_free(aor->u.range->max); | ||
271 | aor->u.range->max = max; | ||
272 | } | ||
273 | if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor))) | ||
274 | goto err; | ||
275 | return 1; | ||
276 | |||
277 | err: | ||
278 | ASIdOrRange_free(aor); | ||
279 | return 0; | ||
280 | } | ||
281 | |||
282 | /* | ||
283 | * Extract min and max values from an ASIdOrRange. | ||
284 | */ | ||
285 | static void extract_min_max(ASIdOrRange *aor, | ||
286 | ASN1_INTEGER **min, | ||
287 | ASN1_INTEGER **max) | ||
288 | { | ||
289 | assert(aor != NULL && min != NULL && max != NULL); | ||
290 | switch (aor->type) { | ||
291 | case ASIdOrRange_id: | ||
292 | *min = aor->u.id; | ||
293 | *max = aor->u.id; | ||
294 | return; | ||
295 | case ASIdOrRange_range: | ||
296 | *min = aor->u.range->min; | ||
297 | *max = aor->u.range->max; | ||
298 | return; | ||
299 | } | ||
300 | } | ||
301 | |||
302 | /* | ||
303 | * Check whether an ASIdentifierChoice is in canonical form. | ||
304 | */ | ||
305 | static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) | ||
306 | { | ||
307 | ASN1_INTEGER *a_max_plus_one = NULL; | ||
308 | BIGNUM *bn = NULL; | ||
309 | int i, ret = 0; | ||
310 | |||
311 | /* | ||
312 | * Empty element or inheritance is canonical. | ||
313 | */ | ||
314 | if (choice == NULL || choice->type == ASIdentifierChoice_inherit) | ||
315 | return 1; | ||
316 | |||
317 | /* | ||
318 | * If not a list, or if empty list, it's broken. | ||
319 | */ | ||
320 | if (choice->type != ASIdentifierChoice_asIdsOrRanges || | ||
321 | sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) | ||
322 | return 0; | ||
323 | |||
324 | /* | ||
325 | * It's a list, check it. | ||
326 | */ | ||
327 | for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { | ||
328 | ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); | ||
329 | ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); | ||
330 | ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; | ||
331 | |||
332 | extract_min_max(a, &a_min, &a_max); | ||
333 | extract_min_max(b, &b_min, &b_max); | ||
334 | |||
335 | /* | ||
336 | * Punt misordered list, overlapping start, or inverted range. | ||
337 | */ | ||
338 | if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 || | ||
339 | ASN1_INTEGER_cmp(a_min, a_max) > 0 || | ||
340 | ASN1_INTEGER_cmp(b_min, b_max) > 0) | ||
341 | goto done; | ||
342 | |||
343 | /* | ||
344 | * Calculate a_max + 1 to check for adjacency. | ||
345 | */ | ||
346 | if ((bn == NULL && (bn = BN_new()) == NULL) || | ||
347 | ASN1_INTEGER_to_BN(a_max, bn) == NULL || | ||
348 | !BN_add_word(bn, 1) || | ||
349 | (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { | ||
350 | X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, | ||
351 | ERR_R_MALLOC_FAILURE); | ||
352 | goto done; | ||
353 | } | ||
354 | |||
355 | /* | ||
356 | * Punt if adjacent or overlapping. | ||
357 | */ | ||
358 | if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0) | ||
359 | goto done; | ||
360 | } | ||
361 | |||
362 | ret = 1; | ||
363 | |||
364 | done: | ||
365 | ASN1_INTEGER_free(a_max_plus_one); | ||
366 | BN_free(bn); | ||
367 | return ret; | ||
368 | } | ||
369 | |||
370 | /* | ||
371 | * Check whether an ASIdentifier extension is in canonical form. | ||
372 | */ | ||
373 | int v3_asid_is_canonical(ASIdentifiers *asid) | ||
374 | { | ||
375 | return (asid == NULL || | ||
376 | (ASIdentifierChoice_is_canonical(asid->asnum) || | ||
377 | ASIdentifierChoice_is_canonical(asid->rdi))); | ||
378 | } | ||
379 | |||
380 | /* | ||
381 | * Whack an ASIdentifierChoice into canonical form. | ||
382 | */ | ||
383 | static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) | ||
384 | { | ||
385 | ASN1_INTEGER *a_max_plus_one = NULL; | ||
386 | BIGNUM *bn = NULL; | ||
387 | int i, ret = 0; | ||
388 | |||
389 | /* | ||
390 | * Nothing to do for empty element or inheritance. | ||
391 | */ | ||
392 | if (choice == NULL || choice->type == ASIdentifierChoice_inherit) | ||
393 | return 1; | ||
394 | |||
395 | /* | ||
396 | * We have a list. Sort it. | ||
397 | */ | ||
398 | assert(choice->type == ASIdentifierChoice_asIdsOrRanges); | ||
399 | sk_ASIdOrRange_sort(choice->u.asIdsOrRanges); | ||
400 | |||
401 | /* | ||
402 | * Now check for errors and suboptimal encoding, rejecting the | ||
403 | * former and fixing the latter. | ||
404 | */ | ||
405 | for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { | ||
406 | ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); | ||
407 | ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); | ||
408 | ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; | ||
409 | |||
410 | extract_min_max(a, &a_min, &a_max); | ||
411 | extract_min_max(b, &b_min, &b_max); | ||
412 | |||
413 | /* | ||
414 | * Make sure we're properly sorted (paranoia). | ||
415 | */ | ||
416 | assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); | ||
417 | |||
418 | /* | ||
419 | * Check for overlaps. | ||
420 | */ | ||
421 | if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) { | ||
422 | X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, | ||
423 | X509V3_R_EXTENSION_VALUE_ERROR); | ||
424 | goto done; | ||
425 | } | ||
426 | |||
427 | /* | ||
428 | * Calculate a_max + 1 to check for adjacency. | ||
429 | */ | ||
430 | if ((bn == NULL && (bn = BN_new()) == NULL) || | ||
431 | ASN1_INTEGER_to_BN(a_max, bn) == NULL || | ||
432 | !BN_add_word(bn, 1) || | ||
433 | (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { | ||
434 | X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE); | ||
435 | goto done; | ||
436 | } | ||
437 | |||
438 | /* | ||
439 | * If a and b are adjacent, merge them. | ||
440 | */ | ||
441 | if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) { | ||
442 | ASRange *r; | ||
443 | switch (a->type) { | ||
444 | case ASIdOrRange_id: | ||
445 | if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) { | ||
446 | X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, | ||
447 | ERR_R_MALLOC_FAILURE); | ||
448 | goto done; | ||
449 | } | ||
450 | r->min = a_min; | ||
451 | r->max = b_max; | ||
452 | a->type = ASIdOrRange_range; | ||
453 | a->u.range = r; | ||
454 | break; | ||
455 | case ASIdOrRange_range: | ||
456 | ASN1_INTEGER_free(a->u.range->max); | ||
457 | a->u.range->max = b_max; | ||
458 | break; | ||
459 | } | ||
460 | switch (b->type) { | ||
461 | case ASIdOrRange_id: | ||
462 | b->u.id = NULL; | ||
463 | break; | ||
464 | case ASIdOrRange_range: | ||
465 | b->u.range->max = NULL; | ||
466 | break; | ||
467 | } | ||
468 | ASIdOrRange_free(b); | ||
469 | sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); | ||
470 | i--; | ||
471 | continue; | ||
472 | } | ||
473 | } | ||
474 | |||
475 | assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ | ||
476 | |||
477 | ret = 1; | ||
478 | |||
479 | done: | ||
480 | ASN1_INTEGER_free(a_max_plus_one); | ||
481 | BN_free(bn); | ||
482 | return ret; | ||
483 | } | ||
484 | |||
485 | /* | ||
486 | * Whack an ASIdentifier extension into canonical form. | ||
487 | */ | ||
488 | int v3_asid_canonize(ASIdentifiers *asid) | ||
489 | { | ||
490 | return (asid == NULL || | ||
491 | (ASIdentifierChoice_canonize(asid->asnum) && | ||
492 | ASIdentifierChoice_canonize(asid->rdi))); | ||
493 | } | ||
494 | |||
495 | /* | ||
496 | * v2i method for an ASIdentifier extension. | ||
497 | */ | ||
498 | static void *v2i_ASIdentifiers(const struct v3_ext_method *method, | ||
499 | struct v3_ext_ctx *ctx, | ||
500 | STACK_OF(CONF_VALUE) *values) | ||
501 | { | ||
502 | ASIdentifiers *asid = NULL; | ||
503 | int i; | ||
504 | |||
505 | if ((asid = ASIdentifiers_new()) == NULL) { | ||
506 | X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); | ||
507 | return NULL; | ||
508 | } | ||
509 | |||
510 | for (i = 0; i < sk_CONF_VALUE_num(values); i++) { | ||
511 | CONF_VALUE *val = sk_CONF_VALUE_value(values, i); | ||
512 | ASN1_INTEGER *min = NULL, *max = NULL; | ||
513 | int i1, i2, i3, is_range, which; | ||
514 | |||
515 | /* | ||
516 | * Figure out whether this is an AS or an RDI. | ||
517 | */ | ||
518 | if ( !name_cmp(val->name, "AS")) { | ||
519 | which = V3_ASID_ASNUM; | ||
520 | } else if (!name_cmp(val->name, "RDI")) { | ||
521 | which = V3_ASID_RDI; | ||
522 | } else { | ||
523 | X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_NAME_ERROR); | ||
524 | X509V3_conf_err(val); | ||
525 | goto err; | ||
526 | } | ||
527 | |||
528 | /* | ||
529 | * Handle inheritance. | ||
530 | */ | ||
531 | if (!strcmp(val->value, "inherit")) { | ||
532 | if (v3_asid_add_inherit(asid, which)) | ||
533 | continue; | ||
534 | X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE); | ||
535 | X509V3_conf_err(val); | ||
536 | goto err; | ||
537 | } | ||
538 | |||
539 | /* | ||
540 | * Number, range, or mistake, pick it apart and figure out which. | ||
541 | */ | ||
542 | i1 = strspn(val->value, "0123456789"); | ||
543 | if (val->value[i1] == '\0') { | ||
544 | is_range = 0; | ||
545 | } else { | ||
546 | is_range = 1; | ||
547 | i2 = i1 + strspn(val->value + i1, " \t"); | ||
548 | if (val->value[i2] != '-') { | ||
549 | X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASNUMBER); | ||
550 | X509V3_conf_err(val); | ||
551 | goto err; | ||
552 | } | ||
553 | i2++; | ||
554 | i2 = i2 + strspn(val->value + i2, " \t"); | ||
555 | i3 = i2 + strspn(val->value + i2, "0123456789"); | ||
556 | if (val->value[i3] != '\0') { | ||
557 | X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASRANGE); | ||
558 | X509V3_conf_err(val); | ||
559 | goto err; | ||
560 | } | ||
561 | } | ||
562 | |||
563 | /* | ||
564 | * Syntax is ok, read and add it. | ||
565 | */ | ||
566 | if (!is_range) { | ||
567 | if (!X509V3_get_value_int(val, &min)) { | ||
568 | X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); | ||
569 | goto err; | ||
570 | } | ||
571 | } else { | ||
572 | char *s = BUF_strdup(val->value); | ||
573 | if (s == NULL) { | ||
574 | X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); | ||
575 | goto err; | ||
576 | } | ||
577 | s[i1] = '\0'; | ||
578 | min = s2i_ASN1_INTEGER(NULL, s); | ||
579 | max = s2i_ASN1_INTEGER(NULL, s + i2); | ||
580 | OPENSSL_free(s); | ||
581 | if (min == NULL || max == NULL) { | ||
582 | ASN1_INTEGER_free(min); | ||
583 | ASN1_INTEGER_free(max); | ||
584 | X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); | ||
585 | goto err; | ||
586 | } | ||
587 | } | ||
588 | if (!v3_asid_add_id_or_range(asid, which, min, max)) { | ||
589 | ASN1_INTEGER_free(min); | ||
590 | ASN1_INTEGER_free(max); | ||
591 | X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); | ||
592 | goto err; | ||
593 | } | ||
594 | } | ||
595 | |||
596 | /* | ||
597 | * Canonize the result, then we're done. | ||
598 | */ | ||
599 | if (!v3_asid_canonize(asid)) | ||
600 | goto err; | ||
601 | return asid; | ||
602 | |||
603 | err: | ||
604 | ASIdentifiers_free(asid); | ||
605 | return NULL; | ||
606 | } | ||
607 | |||
608 | /* | ||
609 | * OpenSSL dispatch. | ||
610 | */ | ||
611 | const X509V3_EXT_METHOD v3_asid = { | ||
612 | NID_sbgp_autonomousSysNum, /* nid */ | ||
613 | 0, /* flags */ | ||
614 | ASN1_ITEM_ref(ASIdentifiers), /* template */ | ||
615 | 0, 0, 0, 0, /* old functions, ignored */ | ||
616 | 0, /* i2s */ | ||
617 | 0, /* s2i */ | ||
618 | 0, /* i2v */ | ||
619 | v2i_ASIdentifiers, /* v2i */ | ||
620 | i2r_ASIdentifiers, /* i2r */ | ||
621 | 0, /* r2i */ | ||
622 | NULL /* extension-specific data */ | ||
623 | }; | ||
624 | |||
625 | /* | ||
626 | * Figure out whether extension uses inheritance. | ||
627 | */ | ||
628 | int v3_asid_inherits(ASIdentifiers *asid) | ||
629 | { | ||
630 | return (asid != NULL && | ||
631 | ((asid->asnum != NULL && | ||
632 | asid->asnum->type == ASIdentifierChoice_inherit) || | ||
633 | (asid->rdi != NULL && | ||
634 | asid->rdi->type == ASIdentifierChoice_inherit))); | ||
635 | } | ||
636 | |||
637 | /* | ||
638 | * Figure out whether parent contains child. | ||
639 | */ | ||
640 | static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) | ||
641 | { | ||
642 | ASN1_INTEGER *p_min, *p_max, *c_min, *c_max; | ||
643 | int p, c; | ||
644 | |||
645 | if (child == NULL || parent == child) | ||
646 | return 1; | ||
647 | if (parent == NULL) | ||
648 | return 0; | ||
649 | |||
650 | p = 0; | ||
651 | for (c = 0; c < sk_ASIdOrRange_num(child); c++) { | ||
652 | extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max); | ||
653 | for (;; p++) { | ||
654 | if (p >= sk_ASIdOrRange_num(parent)) | ||
655 | return 0; | ||
656 | extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max); | ||
657 | if (ASN1_INTEGER_cmp(p_max, c_max) < 0) | ||
658 | continue; | ||
659 | if (ASN1_INTEGER_cmp(p_min, c_min) > 0) | ||
660 | return 0; | ||
661 | break; | ||
662 | } | ||
663 | } | ||
664 | |||
665 | return 1; | ||
666 | } | ||
667 | |||
668 | /* | ||
669 | * Test whether a is a subet of b. | ||
670 | */ | ||
671 | int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) | ||
672 | { | ||
673 | return (a == NULL || | ||
674 | a == b || | ||
675 | (b != NULL && | ||
676 | !v3_asid_inherits(a) && | ||
677 | !v3_asid_inherits(b) && | ||
678 | asid_contains(b->asnum->u.asIdsOrRanges, | ||
679 | a->asnum->u.asIdsOrRanges) && | ||
680 | asid_contains(b->rdi->u.asIdsOrRanges, | ||
681 | a->rdi->u.asIdsOrRanges))); | ||
682 | } | ||
683 | |||
684 | /* | ||
685 | * Validation error handling via callback. | ||
686 | */ | ||
687 | #define validation_err(_err_) \ | ||
688 | do { \ | ||
689 | if (ctx != NULL) { \ | ||
690 | ctx->error = _err_; \ | ||
691 | ctx->error_depth = i; \ | ||
692 | ctx->current_cert = x; \ | ||
693 | ret = ctx->verify_cb(0, ctx); \ | ||
694 | } else { \ | ||
695 | ret = 0; \ | ||
696 | } \ | ||
697 | if (!ret) \ | ||
698 | goto done; \ | ||
699 | } while (0) | ||
700 | |||
701 | /* | ||
702 | * Core code for RFC 3779 3.3 path validation. | ||
703 | */ | ||
704 | static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, | ||
705 | STACK_OF(X509) *chain, | ||
706 | ASIdentifiers *ext) | ||
707 | { | ||
708 | ASIdOrRanges *child_as = NULL, *child_rdi = NULL; | ||
709 | int i, ret = 1, inherit_as = 0, inherit_rdi = 0; | ||
710 | X509 *x; | ||
711 | |||
712 | assert(chain != NULL && sk_X509_num(chain) > 0); | ||
713 | assert(ctx != NULL || ext != NULL); | ||
714 | assert(ctx == NULL || ctx->verify_cb != NULL); | ||
715 | |||
716 | /* | ||
717 | * Figure out where to start. If we don't have an extension to | ||
718 | * check, we're done. Otherwise, check canonical form and | ||
719 | * set up for walking up the chain. | ||
720 | */ | ||
721 | if (ext != NULL) { | ||
722 | i = -1; | ||
723 | x = NULL; | ||
724 | } else { | ||
725 | i = 0; | ||
726 | x = sk_X509_value(chain, i); | ||
727 | assert(x != NULL); | ||
728 | if ((ext = x->rfc3779_asid) == NULL) | ||
729 | goto done; | ||
730 | } | ||
731 | if (!v3_asid_is_canonical(ext)) | ||
732 | validation_err(X509_V_ERR_INVALID_EXTENSION); | ||
733 | if (ext->asnum != NULL) { | ||
734 | switch (ext->asnum->type) { | ||
735 | case ASIdentifierChoice_inherit: | ||
736 | inherit_as = 1; | ||
737 | break; | ||
738 | case ASIdentifierChoice_asIdsOrRanges: | ||
739 | child_as = ext->asnum->u.asIdsOrRanges; | ||
740 | break; | ||
741 | } | ||
742 | } | ||
743 | if (ext->rdi != NULL) { | ||
744 | switch (ext->rdi->type) { | ||
745 | case ASIdentifierChoice_inherit: | ||
746 | inherit_rdi = 1; | ||
747 | break; | ||
748 | case ASIdentifierChoice_asIdsOrRanges: | ||
749 | child_rdi = ext->rdi->u.asIdsOrRanges; | ||
750 | break; | ||
751 | } | ||
752 | } | ||
753 | |||
754 | /* | ||
755 | * Now walk up the chain. Extensions must be in canonical form, no | ||
756 | * cert may list resources that its parent doesn't list. | ||
757 | */ | ||
758 | for (i++; i < sk_X509_num(chain); i++) { | ||
759 | x = sk_X509_value(chain, i); | ||
760 | assert(x != NULL); | ||
761 | if (x->rfc3779_asid == NULL) { | ||
762 | if (child_as != NULL || child_rdi != NULL) | ||
763 | validation_err(X509_V_ERR_UNNESTED_RESOURCE); | ||
764 | continue; | ||
765 | } | ||
766 | if (!v3_asid_is_canonical(x->rfc3779_asid)) | ||
767 | validation_err(X509_V_ERR_INVALID_EXTENSION); | ||
768 | if (x->rfc3779_asid->asnum == NULL && child_as != NULL) { | ||
769 | validation_err(X509_V_ERR_UNNESTED_RESOURCE); | ||
770 | child_as = NULL; | ||
771 | inherit_as = 0; | ||
772 | } | ||
773 | if (x->rfc3779_asid->asnum != NULL && | ||
774 | x->rfc3779_asid->asnum->type == ASIdentifierChoice_asIdsOrRanges) { | ||
775 | if (inherit_as || | ||
776 | asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, child_as)) { | ||
777 | child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges; | ||
778 | inherit_as = 0; | ||
779 | } else { | ||
780 | validation_err(X509_V_ERR_UNNESTED_RESOURCE); | ||
781 | } | ||
782 | } | ||
783 | if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) { | ||
784 | validation_err(X509_V_ERR_UNNESTED_RESOURCE); | ||
785 | child_rdi = NULL; | ||
786 | inherit_rdi = 0; | ||
787 | } | ||
788 | if (x->rfc3779_asid->rdi != NULL && | ||
789 | x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) { | ||
790 | if (inherit_rdi || | ||
791 | asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, child_rdi)) { | ||
792 | child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges; | ||
793 | inherit_rdi = 0; | ||
794 | } else { | ||
795 | validation_err(X509_V_ERR_UNNESTED_RESOURCE); | ||
796 | } | ||
797 | } | ||
798 | } | ||
799 | |||
800 | /* | ||
801 | * Trust anchor can't inherit. | ||
802 | */ | ||
803 | assert(x != NULL); | ||
804 | if (x->rfc3779_asid != NULL) { | ||
805 | if (x->rfc3779_asid->asnum != NULL && | ||
806 | x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) | ||
807 | validation_err(X509_V_ERR_UNNESTED_RESOURCE); | ||
808 | if (x->rfc3779_asid->rdi != NULL && | ||
809 | x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit) | ||
810 | validation_err(X509_V_ERR_UNNESTED_RESOURCE); | ||
811 | } | ||
812 | |||
813 | done: | ||
814 | return ret; | ||
815 | } | ||
816 | |||
817 | #undef validation_err | ||
818 | |||
819 | /* | ||
820 | * RFC 3779 3.3 path validation -- called from X509_verify_cert(). | ||
821 | */ | ||
822 | int v3_asid_validate_path(X509_STORE_CTX *ctx) | ||
823 | { | ||
824 | return v3_asid_validate_path_internal(ctx, ctx->chain, NULL); | ||
825 | } | ||
826 | |||
827 | /* | ||
828 | * RFC 3779 3.3 path validation of an extension. | ||
829 | * Test whether chain covers extension. | ||
830 | */ | ||
831 | int v3_asid_validate_resource_set(STACK_OF(X509) *chain, | ||
832 | ASIdentifiers *ext, | ||
833 | int allow_inheritance) | ||
834 | { | ||
835 | if (ext == NULL) | ||
836 | return 1; | ||
837 | if (chain == NULL || sk_X509_num(chain) == 0) | ||
838 | return 0; | ||
839 | if (!allow_inheritance && v3_asid_inherits(ext)) | ||
840 | return 0; | ||
841 | return v3_asid_validate_path_internal(NULL, chain, ext); | ||
842 | } | ||
843 | |||
844 | #endif /* OPENSSL_NO_RFC3779 */ | ||
diff --git a/src/lib/libcrypto/x509v3/v3conf.c b/src/lib/libcrypto/x509v3/v3conf.c new file mode 100644 index 0000000000..a9e6ca3542 --- /dev/null +++ b/src/lib/libcrypto/x509v3/v3conf.c | |||
@@ -0,0 +1,127 @@ | |||
1 | /* v3conf.c */ | ||
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
3 | * project 1999. | ||
4 | */ | ||
5 | /* ==================================================================== | ||
6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
7 | * | ||
8 | * Redistribution and use in source and binary forms, with or without | ||
9 | * modification, are permitted provided that the following conditions | ||
10 | * are met: | ||
11 | * | ||
12 | * 1. Redistributions of source code must retain the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer. | ||
14 | * | ||
15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
16 | * notice, this list of conditions and the following disclaimer in | ||
17 | * the documentation and/or other materials provided with the | ||
18 | * distribution. | ||
19 | * | ||
20 | * 3. All advertising materials mentioning features or use of this | ||
21 | * software must display the following acknowledgment: | ||
22 | * "This product includes software developed by the OpenSSL Project | ||
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
24 | * | ||
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
26 | * endorse or promote products derived from this software without | ||
27 | * prior written permission. For written permission, please contact | ||
28 | * licensing@OpenSSL.org. | ||
29 | * | ||
30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
31 | * nor may "OpenSSL" appear in their names without prior written | ||
32 | * permission of the OpenSSL Project. | ||
33 | * | ||
34 | * 6. Redistributions of any form whatsoever must retain the following | ||
35 | * acknowledgment: | ||
36 | * "This product includes software developed by the OpenSSL Project | ||
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
38 | * | ||
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
51 | * ==================================================================== | ||
52 | * | ||
53 | * This product includes cryptographic software written by Eric Young | ||
54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
55 | * Hudson (tjh@cryptsoft.com). | ||
56 | * | ||
57 | */ | ||
58 | |||
59 | |||
60 | #include <stdio.h> | ||
61 | #include "cryptlib.h" | ||
62 | #include <openssl/asn1.h> | ||
63 | #include <openssl/conf.h> | ||
64 | #include <openssl/x509.h> | ||
65 | #include <openssl/x509v3.h> | ||
66 | |||
67 | /* Test application to add extensions from a config file */ | ||
68 | |||
69 | int main(int argc, char **argv) | ||
70 | { | ||
71 | LHASH *conf; | ||
72 | X509 *cert; | ||
73 | FILE *inf; | ||
74 | char *conf_file; | ||
75 | int i; | ||
76 | int count; | ||
77 | X509_EXTENSION *ext; | ||
78 | X509V3_add_standard_extensions(); | ||
79 | ERR_load_crypto_strings(); | ||
80 | if(!argv[1]) { | ||
81 | fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n"); | ||
82 | exit(1); | ||
83 | } | ||
84 | conf_file = argv[2]; | ||
85 | if(!conf_file) conf_file = "test.cnf"; | ||
86 | conf = CONF_load(NULL, "test.cnf", NULL); | ||
87 | if(!conf) { | ||
88 | fprintf(stderr, "Error opening Config file %s\n", conf_file); | ||
89 | ERR_print_errors_fp(stderr); | ||
90 | exit(1); | ||
91 | } | ||
92 | |||
93 | inf = fopen(argv[1], "r"); | ||
94 | if(!inf) { | ||
95 | fprintf(stderr, "Can't open certificate file %s\n", argv[1]); | ||
96 | exit(1); | ||
97 | } | ||
98 | cert = PEM_read_X509(inf, NULL, NULL); | ||
99 | if(!cert) { | ||
100 | fprintf(stderr, "Error reading certificate file %s\n", argv[1]); | ||
101 | exit(1); | ||
102 | } | ||
103 | fclose(inf); | ||
104 | |||
105 | sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free); | ||
106 | cert->cert_info->extensions = NULL; | ||
107 | |||
108 | if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) { | ||
109 | fprintf(stderr, "Error adding extensions\n"); | ||
110 | ERR_print_errors_fp(stderr); | ||
111 | exit(1); | ||
112 | } | ||
113 | |||
114 | count = X509_get_ext_count(cert); | ||
115 | printf("%d extensions\n", count); | ||
116 | for(i = 0; i < count; i++) { | ||
117 | ext = X509_get_ext(cert, i); | ||
118 | printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object))); | ||
119 | if(ext->critical) printf(",critical:\n"); | ||
120 | else printf(":\n"); | ||
121 | X509V3_EXT_print_fp(stdout, ext, 0, 0); | ||
122 | printf("\n"); | ||
123 | |||
124 | } | ||
125 | return 0; | ||
126 | } | ||
127 | |||
diff --git a/src/lib/libcrypto/x509v3/v3prin.c b/src/lib/libcrypto/x509v3/v3prin.c new file mode 100644 index 0000000000..d5ff268296 --- /dev/null +++ b/src/lib/libcrypto/x509v3/v3prin.c | |||
@@ -0,0 +1,99 @@ | |||
1 | /* v3prin.c */ | ||
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
3 | * project 1999. | ||
4 | */ | ||
5 | /* ==================================================================== | ||
6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
7 | * | ||
8 | * Redistribution and use in source and binary forms, with or without | ||
9 | * modification, are permitted provided that the following conditions | ||
10 | * are met: | ||
11 | * | ||
12 | * 1. Redistributions of source code must retain the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer. | ||
14 | * | ||
15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
16 | * notice, this list of conditions and the following disclaimer in | ||
17 | * the documentation and/or other materials provided with the | ||
18 | * distribution. | ||
19 | * | ||
20 | * 3. All advertising materials mentioning features or use of this | ||
21 | * software must display the following acknowledgment: | ||
22 | * "This product includes software developed by the OpenSSL Project | ||
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
24 | * | ||
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
26 | * endorse or promote products derived from this software without | ||
27 | * prior written permission. For written permission, please contact | ||
28 | * licensing@OpenSSL.org. | ||
29 | * | ||
30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
31 | * nor may "OpenSSL" appear in their names without prior written | ||
32 | * permission of the OpenSSL Project. | ||
33 | * | ||
34 | * 6. Redistributions of any form whatsoever must retain the following | ||
35 | * acknowledgment: | ||
36 | * "This product includes software developed by the OpenSSL Project | ||
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
38 | * | ||
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
51 | * ==================================================================== | ||
52 | * | ||
53 | * This product includes cryptographic software written by Eric Young | ||
54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
55 | * Hudson (tjh@cryptsoft.com). | ||
56 | * | ||
57 | */ | ||
58 | |||
59 | |||
60 | |||
61 | #include <stdio.h> | ||
62 | #include <openssl/asn1.h> | ||
63 | #include <openssl/conf.h> | ||
64 | #include <openssl/x509.h> | ||
65 | #include <openssl/x509v3.h> | ||
66 | |||
67 | int main(int argc, char **argv) | ||
68 | { | ||
69 | X509 *cert; | ||
70 | FILE *inf; | ||
71 | int i, count; | ||
72 | X509_EXTENSION *ext; | ||
73 | X509V3_add_standard_extensions(); | ||
74 | ERR_load_crypto_strings(); | ||
75 | if(!argv[1]) { | ||
76 | fprintf(stderr, "Usage v3prin cert.pem\n"); | ||
77 | exit(1); | ||
78 | } | ||
79 | if(!(inf = fopen(argv[1], "r"))) { | ||
80 | fprintf(stderr, "Can't open %s\n", argv[1]); | ||
81 | exit(1); | ||
82 | } | ||
83 | if(!(cert = PEM_read_X509(inf, NULL, NULL))) { | ||
84 | fprintf(stderr, "Can't read certificate %s\n", argv[1]); | ||
85 | ERR_print_errors_fp(stderr); | ||
86 | exit(1); | ||
87 | } | ||
88 | fclose(inf); | ||
89 | count = X509_get_ext_count(cert); | ||
90 | printf("%d extensions\n", count); | ||
91 | for(i = 0; i < count; i++) { | ||
92 | ext = X509_get_ext(cert, i); | ||
93 | printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object))); | ||
94 | if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr); | ||
95 | printf("\n"); | ||
96 | |||
97 | } | ||
98 | return 0; | ||
99 | } | ||