From 690af28bdf827ab9c81648f507eb492c9076d5d3 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Wed, 25 Oct 2000 15:23:17 +0000 Subject: This commit was manufactured by cvs2git to create branch 'OPENBSD_2_8'. --- src/lib/libcrypto/x509v3/ext_dat.h | 97 ------ src/lib/libcrypto/x509v3/v3_akey.c | 249 -------------- src/lib/libcrypto/x509v3/v3_alt.c | 401 ---------------------- src/lib/libcrypto/x509v3/v3_bcons.c | 164 --------- src/lib/libcrypto/x509v3/v3_bitst.c | 141 -------- src/lib/libcrypto/x509v3/v3_conf.c | 390 --------------------- src/lib/libcrypto/x509v3/v3_cpols.c | 655 ------------------------------------ src/lib/libcrypto/x509v3/v3_crld.c | 285 ---------------- src/lib/libcrypto/x509v3/v3_enum.c | 96 ------ src/lib/libcrypto/x509v3/v3_extku.c | 150 --------- src/lib/libcrypto/x509v3/v3_genn.c | 291 ---------------- src/lib/libcrypto/x509v3/v3_ia5.c | 113 ------- src/lib/libcrypto/x509v3/v3_info.c | 236 ------------- src/lib/libcrypto/x509v3/v3_int.c | 72 ---- src/lib/libcrypto/x509v3/v3_lib.c | 221 ------------ src/lib/libcrypto/x509v3/v3_pku.c | 151 --------- src/lib/libcrypto/x509v3/v3_prn.c | 151 --------- src/lib/libcrypto/x509v3/v3_purp.c | 463 ------------------------- src/lib/libcrypto/x509v3/v3_skey.c | 149 -------- src/lib/libcrypto/x509v3/v3_sxnet.c | 340 ------------------- src/lib/libcrypto/x509v3/v3_utl.c | 418 ----------------------- src/lib/libcrypto/x509v3/v3err.c | 176 ---------- src/lib/libcrypto/x509v3/x509v3.h | 644 ----------------------------------- 23 files changed, 6053 deletions(-) delete mode 100644 src/lib/libcrypto/x509v3/ext_dat.h delete mode 100644 src/lib/libcrypto/x509v3/v3_akey.c delete mode 100644 src/lib/libcrypto/x509v3/v3_alt.c delete mode 100644 src/lib/libcrypto/x509v3/v3_bcons.c delete mode 100644 src/lib/libcrypto/x509v3/v3_bitst.c delete mode 100644 src/lib/libcrypto/x509v3/v3_conf.c delete mode 100644 src/lib/libcrypto/x509v3/v3_cpols.c delete mode 100644 src/lib/libcrypto/x509v3/v3_crld.c delete mode 100644 src/lib/libcrypto/x509v3/v3_enum.c delete mode 100644 src/lib/libcrypto/x509v3/v3_extku.c delete mode 100644 src/lib/libcrypto/x509v3/v3_genn.c delete mode 100644 src/lib/libcrypto/x509v3/v3_ia5.c delete mode 100644 src/lib/libcrypto/x509v3/v3_info.c delete mode 100644 src/lib/libcrypto/x509v3/v3_int.c delete mode 100644 src/lib/libcrypto/x509v3/v3_lib.c delete mode 100644 src/lib/libcrypto/x509v3/v3_pku.c delete mode 100644 src/lib/libcrypto/x509v3/v3_prn.c delete mode 100644 src/lib/libcrypto/x509v3/v3_purp.c delete mode 100644 src/lib/libcrypto/x509v3/v3_skey.c delete mode 100644 src/lib/libcrypto/x509v3/v3_sxnet.c delete mode 100644 src/lib/libcrypto/x509v3/v3_utl.c delete mode 100644 src/lib/libcrypto/x509v3/v3err.c delete mode 100644 src/lib/libcrypto/x509v3/x509v3.h (limited to 'src/lib/libcrypto/x509v3') diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h deleted file mode 100644 index 801a585a52..0000000000 --- a/src/lib/libcrypto/x509v3/ext_dat.h +++ /dev/null @@ -1,97 +0,0 @@ -/* ext_dat.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* This file contains a table of "standard" extensions */ - -extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; -extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info; -extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; -extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld; - -/* This table will be searched using OBJ_bsearch so it *must* kept in - * order of the ext_nid values. - */ - -static X509V3_EXT_METHOD *standard_exts[] = { -&v3_nscert, -&v3_ns_ia5_list[0], -&v3_ns_ia5_list[1], -&v3_ns_ia5_list[2], -&v3_ns_ia5_list[3], -&v3_ns_ia5_list[4], -&v3_ns_ia5_list[5], -&v3_ns_ia5_list[6], -&v3_skey_id, -&v3_key_usage, -&v3_pkey_usage_period, -&v3_alt[0], -&v3_alt[1], -&v3_bcons, -&v3_crl_num, -&v3_cpols, -&v3_akey_id, -&v3_crld, -&v3_ext_ku, -&v3_crl_reason, -&v3_sxnet, -&v3_info, -}; - -/* Number of standard extensions */ - -#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) - diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c deleted file mode 100644 index 96c04fe4f5..0000000000 --- a/src/lib/libcrypto/x509v3/v3_akey.c +++ /dev/null @@ -1,249 +0,0 @@ -/* v3_akey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include -#include -#include -#include - -static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist); -static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); - -X509V3_EXT_METHOD v3_akey_id = { -NID_authority_key_identifier, X509V3_EXT_MULTILINE, -(X509V3_EXT_NEW)AUTHORITY_KEYID_new, -(X509V3_EXT_FREE)AUTHORITY_KEYID_free, -(X509V3_EXT_D2I)d2i_AUTHORITY_KEYID, -(X509V3_EXT_I2D)i2d_AUTHORITY_KEYID, -NULL, NULL, -(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, -(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, -NULL,NULL, -NULL -}; - - -int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING); - M_ASN1_I2D_len_IMP_opt (a->issuer, i2d_GENERAL_NAMES); - M_ASN1_I2D_len_IMP_opt (a->serial, i2d_ASN1_INTEGER); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING, 0); - M_ASN1_I2D_put_IMP_opt (a->issuer, i2d_GENERAL_NAMES, 1); - M_ASN1_I2D_put_IMP_opt (a->serial, i2d_ASN1_INTEGER, 2); - - M_ASN1_I2D_finish(); -} - -AUTHORITY_KEYID *AUTHORITY_KEYID_new(void) -{ - AUTHORITY_KEYID *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, AUTHORITY_KEYID); - ret->keyid = NULL; - ret->issuer = NULL; - ret->serial = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_AUTHORITY_KEYID_NEW); -} - -AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp, - long length) -{ - M_ASN1_D2I_vars(a,AUTHORITY_KEYID *,AUTHORITY_KEYID_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_IMP_opt (ret->keyid, d2i_ASN1_OCTET_STRING, 0, - V_ASN1_OCTET_STRING); - M_ASN1_D2I_get_IMP_opt (ret->issuer, d2i_GENERAL_NAMES, 1, - V_ASN1_SEQUENCE); - M_ASN1_D2I_get_IMP_opt (ret->serial, d2i_ASN1_INTEGER, 2, - V_ASN1_INTEGER); - M_ASN1_D2I_Finish(a, AUTHORITY_KEYID_free, ASN1_F_D2I_AUTHORITY_KEYID); -} - -void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a) -{ - if (a == NULL) return; - M_ASN1_OCTET_STRING_free(a->keyid); - sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free); - M_ASN1_INTEGER_free (a->serial); - Free (a); -} - -static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) -{ - char *tmp; - if(akeyid->keyid) { - tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); - X509V3_add_value("keyid", tmp, &extlist); - Free(tmp); - } - if(akeyid->issuer) - extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); - if(akeyid->serial) { - tmp = hex_to_string(akeyid->serial->data, - akeyid->serial->length); - X509V3_add_value("serial", tmp, &extlist); - Free(tmp); - } - return extlist; -} - -/* Currently two options: - * keyid: use the issuers subject keyid, the value 'always' means its is - * an error if the issuer certificate doesn't have a key id. - * issuer: use the issuers cert issuer and serial number. The default is - * to only use this if keyid is not present. With the option 'always' - * this is always included. - */ - -static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) -{ -char keyid=0, issuer=0; -int i; -CONF_VALUE *cnf; -ASN1_OCTET_STRING *ikeyid = NULL; -X509_NAME *isname = NULL; -STACK_OF(GENERAL_NAME) * gens = NULL; -GENERAL_NAME *gen = NULL; -ASN1_INTEGER *serial = NULL; -X509_EXTENSION *ext; -X509 *cert; -AUTHORITY_KEYID *akeyid; -for(i = 0; i < sk_CONF_VALUE_num(values); i++) { - cnf = sk_CONF_VALUE_value(values, i); - if(!strcmp(cnf->name, "keyid")) { - keyid = 1; - if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2; - } else if(!strcmp(cnf->name, "issuer")) { - issuer = 1; - if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2; - } else { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); - ERR_add_error_data(2, "name=", cnf->name); - return NULL; - } -} - - - -if(!ctx || !ctx->issuer_cert) { - if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new(); - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); - return NULL; -} - -cert = ctx->issuer_cert; - -if(keyid) { - i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); - if((i >= 0) && (ext = X509_get_ext(cert, i))) - ikeyid = X509V3_EXT_d2i(ext); - if(keyid==2 && !ikeyid) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); - return NULL; - } -} - -if((issuer && !ikeyid) || (issuer == 2)) { - isname = X509_NAME_dup(X509_get_issuer_name(cert)); - serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); - if(!isname || !serial) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); - goto err; - } -} - -if(!(akeyid = AUTHORITY_KEYID_new())) goto err; - -if(isname) { - if(!(gens = sk_GENERAL_NAME_new(NULL)) || !(gen = GENERAL_NAME_new()) - || !sk_GENERAL_NAME_push(gens, gen)) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); - goto err; - } - gen->type = GEN_DIRNAME; - gen->d.dirn = isname; -} - -akeyid->issuer = gens; -akeyid->serial = serial; -akeyid->keyid = ikeyid; - -return akeyid; - -err: -X509_NAME_free(isname); -M_ASN1_INTEGER_free(serial); -M_ASN1_OCTET_STRING_free(ikeyid); -return NULL; - -} - diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c deleted file mode 100644 index 5ccd1e0e3d..0000000000 --- a/src/lib/libcrypto/x509v3/v3_alt.c +++ /dev/null @@ -1,401 +0,0 @@ -/* v3_alt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include -#include - -static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens); -static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens); -X509V3_EXT_METHOD v3_alt[] = { -{ NID_subject_alt_name, 0, -(X509V3_EXT_NEW)GENERAL_NAMES_new, -(X509V3_EXT_FREE)GENERAL_NAMES_free, -(X509V3_EXT_D2I)d2i_GENERAL_NAMES, -(X509V3_EXT_I2D)i2d_GENERAL_NAMES, -NULL, NULL, -(X509V3_EXT_I2V)i2v_GENERAL_NAMES, -(X509V3_EXT_V2I)v2i_subject_alt, -NULL, NULL, NULL}, -{ NID_issuer_alt_name, 0, -(X509V3_EXT_NEW)GENERAL_NAMES_new, -(X509V3_EXT_FREE)GENERAL_NAMES_free, -(X509V3_EXT_D2I)d2i_GENERAL_NAMES, -(X509V3_EXT_I2D)i2d_GENERAL_NAMES, -NULL, NULL, -(X509V3_EXT_I2V)i2v_GENERAL_NAMES, -(X509V3_EXT_V2I)v2i_issuer_alt, -NULL, NULL, NULL}, -}; - -STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_NAME) *gens, STACK_OF(CONF_VALUE) *ret) -{ - int i; - GENERAL_NAME *gen; - for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { - gen = sk_GENERAL_NAME_value(gens, i); - ret = i2v_GENERAL_NAME(method, gen, ret); - } - if(!ret) return sk_CONF_VALUE_new_null(); - return ret; -} - -STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, - GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) -{ - char oline[256]; - unsigned char *p; - switch (gen->type) - { - case GEN_OTHERNAME: - X509V3_add_value("othername","", &ret); - break; - - case GEN_X400: - X509V3_add_value("X400Name","", &ret); - break; - - case GEN_EDIPARTY: - X509V3_add_value("EdiPartyName","", &ret); - break; - - case GEN_EMAIL: - X509V3_add_value_uchar("email",gen->d.ia5->data, &ret); - break; - - case GEN_DNS: - X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret); - break; - - case GEN_URI: - X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret); - break; - - case GEN_DIRNAME: - X509_NAME_oneline(gen->d.dirn, oline, 256); - X509V3_add_value("DirName",oline, &ret); - break; - - case GEN_IPADD: - p = gen->d.ip->data; - /* BUG: doesn't support IPV6 */ - if(gen->d.ip->length != 4) { - X509V3_add_value("IP Address","", &ret); - break; - } - sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); - X509V3_add_value("IP Address",oline, &ret); - break; - - case GEN_RID: - i2t_ASN1_OBJECT(oline, 256, gen->d.rid); - X509V3_add_value("Registered ID",oline, &ret); - break; - } - return ret; -} - -static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ - STACK_OF(GENERAL_NAME) *gens = NULL; - CONF_VALUE *cnf; - int i; - if(!(gens = sk_GENERAL_NAME_new(NULL))) { - X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); - return NULL; - } - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); - if(!name_cmp(cnf->name, "issuer") && cnf->value && - !strcmp(cnf->value, "copy")) { - if(!copy_issuer(ctx, gens)) goto err; - } else { - GENERAL_NAME *gen; - if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) - goto err; - sk_GENERAL_NAME_push(gens, gen); - } - } - return gens; - err: - sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); - return NULL; -} - -/* Append subject altname of issuer to issuer alt name of subject */ - -static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) -{ - STACK_OF(GENERAL_NAME) *ialt; - GENERAL_NAME *gen; - X509_EXTENSION *ext; - int i; - if(ctx && (ctx->flags == CTX_TEST)) return 1; - if(!ctx || !ctx->issuer_cert) { - X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS); - goto err; - } - i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); - if(i < 0) return 1; - if(!(ext = X509_get_ext(ctx->issuer_cert, i)) || - !(ialt = X509V3_EXT_d2i(ext)) ) { - X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR); - goto err; - } - - for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) { - gen = sk_GENERAL_NAME_value(ialt, i); - if(!sk_GENERAL_NAME_push(gens, gen)) { - X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE); - goto err; - } - } - sk_GENERAL_NAME_free(ialt); - - return 1; - - err: - return 0; - -} - -static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ - STACK_OF(GENERAL_NAME) *gens = NULL; - CONF_VALUE *cnf; - int i; - if(!(gens = sk_GENERAL_NAME_new(NULL))) { - X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); - return NULL; - } - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); - if(!name_cmp(cnf->name, "email") && cnf->value && - !strcmp(cnf->value, "copy")) { - if(!copy_email(ctx, gens)) goto err; - } else { - GENERAL_NAME *gen; - if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) - goto err; - sk_GENERAL_NAME_push(gens, gen); - } - } - return gens; - err: - sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); - return NULL; -} - -/* Copy any email addresses in a certificate or request to - * GENERAL_NAMES - */ - -static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) -{ - X509_NAME *nm; - ASN1_IA5STRING *email = NULL; - X509_NAME_ENTRY *ne; - GENERAL_NAME *gen = NULL; - int i; - if(ctx->flags == CTX_TEST) return 1; - if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) { - X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS); - goto err; - } - /* Find the subject name */ - if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert); - else nm = X509_REQ_get_subject_name(ctx->subject_req); - - /* Now add any email address(es) to STACK */ - i = -1; - while((i = X509_NAME_get_index_by_NID(nm, - NID_pkcs9_emailAddress, i)) > 0) { - ne = X509_NAME_get_entry(nm, i); - email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); - if(!email || !(gen = GENERAL_NAME_new())) { - X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); - goto err; - } - gen->d.ia5 = email; - email = NULL; - gen->type = GEN_EMAIL; - if(!sk_GENERAL_NAME_push(gens, gen)) { - X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); - goto err; - } - gen = NULL; - } - - - return 1; - - err: - GENERAL_NAME_free(gen); - M_ASN1_IA5STRING_free(email); - return 0; - -} - -STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ - GENERAL_NAME *gen; - STACK_OF(GENERAL_NAME) *gens = NULL; - CONF_VALUE *cnf; - int i; - if(!(gens = sk_GENERAL_NAME_new(NULL))) { - X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); - return NULL; - } - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); - if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; - sk_GENERAL_NAME_push(gens, gen); - } - return gens; - err: - sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); - return NULL; -} - -GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - CONF_VALUE *cnf) -{ -char is_string = 0; -int type; -GENERAL_NAME *gen = NULL; - -char *name, *value; - -name = cnf->name; -value = cnf->value; - -if(!value) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE); - return NULL; -} - -if(!(gen = GENERAL_NAME_new())) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); - return NULL; -} - -if(!name_cmp(name, "email")) { - is_string = 1; - type = GEN_EMAIL; -} else if(!name_cmp(name, "URI")) { - is_string = 1; - type = GEN_URI; -} else if(!name_cmp(name, "DNS")) { - is_string = 1; - type = GEN_DNS; -} else if(!name_cmp(name, "RID")) { - ASN1_OBJECT *obj; - if(!(obj = OBJ_txt2obj(value,0))) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT); - ERR_add_error_data(2, "value=", value); - goto err; - } - gen->d.rid = obj; - type = GEN_RID; -} else if(!name_cmp(name, "IP")) { - int i1,i2,i3,i4; - unsigned char ip[4]; - if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) || - (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) || - (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); - ERR_add_error_data(2, "value=", value); - goto err; - } - ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4; - if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) || - !ASN1_STRING_set(gen->d.ip, ip, 4)) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); - goto err; - } - type = GEN_IPADD; -} else { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION); - ERR_add_error_data(2, "name=", name); - goto err; -} - -if(is_string) { - if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || - !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, - strlen(value))) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); - goto err; - } -} - -gen->type = type; - -return gen; - -err: -GENERAL_NAME_free(gen); -return NULL; -} diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c deleted file mode 100644 index 1e3edc205f..0000000000 --- a/src/lib/libcrypto/x509v3/v3_bcons.c +++ /dev/null @@ -1,164 +0,0 @@ -/* v3_bcons.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - -#include -#include "cryptlib.h" -#include -#include -#include -#include - -static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); -static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); - -X509V3_EXT_METHOD v3_bcons = { -NID_basic_constraints, 0, -(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new, -(X509V3_EXT_FREE)BASIC_CONSTRAINTS_free, -(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS, -(X509V3_EXT_I2D)i2d_BASIC_CONSTRAINTS, -NULL, NULL, -(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, -(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, -NULL,NULL, -NULL -}; - - -int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN); - M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER); - - M_ASN1_I2D_seq_total(); - - if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN); - M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER); - M_ASN1_I2D_finish(); -} - -BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void) -{ - BASIC_CONSTRAINTS *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS); - ret->ca = 0; - ret->pathlen = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW); -} - -BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, - unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == - (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) { - M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN); - } - M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER); - M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS); -} - -void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a) -{ - if (a == NULL) return; - M_ASN1_INTEGER_free (a->pathlen); - Free (a); -} - -static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist) -{ - X509V3_add_value_bool("CA", bcons->ca, &extlist); - X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); - return extlist; -} - -static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) -{ - BASIC_CONSTRAINTS *bcons=NULL; - CONF_VALUE *val; - int i; - if(!(bcons = BASIC_CONSTRAINTS_new())) { - X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); - return NULL; - } - for(i = 0; i < sk_CONF_VALUE_num(values); i++) { - val = sk_CONF_VALUE_value(values, i); - if(!strcmp(val->name, "CA")) { - if(!X509V3_get_value_bool(val, &bcons->ca)) goto err; - } else if(!strcmp(val->name, "pathlen")) { - if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err; - } else { - X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME); - X509V3_conf_err(val); - goto err; - } - } - return bcons; - err: - BASIC_CONSTRAINTS_free(bcons); - return NULL; -} - diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c deleted file mode 100644 index 0e1167d05c..0000000000 --- a/src/lib/libcrypto/x509v3/v3_bitst.c +++ /dev/null @@ -1,141 +0,0 @@ -/* v3_bitst.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include -#include - -static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING *bits, - STACK_OF(CONF_VALUE) *extlist); -static BIT_STRING_BITNAME ns_cert_type_table[] = { -{0, "SSL Client", "client"}, -{1, "SSL Server", "server"}, -{2, "S/MIME", "email"}, -{3, "Object Signing", "objsign"}, -{4, "Unused", "reserved"}, -{5, "SSL CA", "sslCA"}, -{6, "S/MIME CA", "emailCA"}, -{7, "Object Signing CA", "objCA"}, -{-1, NULL, NULL} -}; - -static BIT_STRING_BITNAME key_usage_type_table[] = { -{0, "Digital Signature", "digitalSignature"}, -{1, "Non Repudiation", "nonRepudiation"}, -{2, "Key Encipherment", "keyEncipherment"}, -{3, "Data Encipherment", "dataEncipherment"}, -{4, "Key Agreement", "keyAgreement"}, -{5, "Certificate Sign", "keyCertSign"}, -{6, "CRL Sign", "cRLSign"}, -{7, "Encipher Only", "encipherOnly"}, -{8, "Decipher Only", "decipherOnly"}, -{-1, NULL, NULL} -}; - - - -X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); -X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); - -static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) -{ - BIT_STRING_BITNAME *bnam; - for(bnam =method->usr_data; bnam->lname; bnam++) { - if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) - X509V3_add_value(bnam->lname, NULL, &ret); - } - return ret; -} - -static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ - CONF_VALUE *val; - ASN1_BIT_STRING *bs; - int i; - BIT_STRING_BITNAME *bnam; - if(!(bs = M_ASN1_BIT_STRING_new())) { - X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); - return NULL; - } - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - for(bnam = method->usr_data; bnam->lname; bnam++) { - if(!strcmp(bnam->sname, val->name) || - !strcmp(bnam->lname, val->name) ) { - ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1); - break; - } - } - if(!bnam->lname) { - X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, - X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); - X509V3_conf_err(val); - M_ASN1_BIT_STRING_free(bs); - return NULL; - } - } - return bs; -} - - diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c deleted file mode 100644 index b2f03010cc..0000000000 --- a/src/lib/libcrypto/x509v3/v3_conf.c +++ /dev/null @@ -1,390 +0,0 @@ -/* v3_conf.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* extension creation utilities */ - - - -#include -#include -#include "cryptlib.h" -#include -#include -#include - -static int v3_check_critical(char **value); -static int v3_check_generic(char **value); -static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type); -static char *conf_lhash_get_string(void *db, char *section, char *value); -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); -static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, - int crit, void *ext_struc); -/* LHASH *conf: Config file */ -/* char *name: Name */ -/* char *value: Value */ -X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, - char *value) -{ - int crit; - int ext_type; - X509_EXTENSION *ret; - crit = v3_check_critical(&value); - if((ext_type = v3_check_generic(&value))) - return v3_generic_extension(name, value, crit, ext_type); - ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value); - if(!ret) { - X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION); - ERR_add_error_data(4,"name=", name, ", value=", value); - } - return ret; -} - -/* LHASH *conf: Config file */ -/* char *value: Value */ -X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, - char *value) -{ - int crit; - int ext_type; - crit = v3_check_critical(&value); - if((ext_type = v3_check_generic(&value))) - return v3_generic_extension(OBJ_nid2sn(ext_nid), - value, crit, ext_type); - return do_ext_conf(conf, ctx, ext_nid, crit, value); -} - -/* LHASH *conf: Config file */ -/* char *value: Value */ -static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, - int crit, char *value) -{ - X509V3_EXT_METHOD *method; - X509_EXTENSION *ext; - STACK_OF(CONF_VALUE) *nval; - void *ext_struc; - if(ext_nid == NID_undef) { - X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME); - return NULL; - } - if(!(method = X509V3_EXT_get_nid(ext_nid))) { - X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION); - return NULL; - } - /* Now get internal extension representation based on type */ - if(method->v2i) { - if(*value == '@') nval = CONF_get_section(conf, value + 1); - else nval = X509V3_parse_list(value); - if(!nval) { - X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING); - ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); - return NULL; - } - ext_struc = method->v2i(method, ctx, nval); - if(*value != '@') sk_CONF_VALUE_pop_free(nval, - X509V3_conf_free); - if(!ext_struc) return NULL; - } else if(method->s2i) { - if(!(ext_struc = method->s2i(method, ctx, value))) return NULL; - } else if(method->r2i) { - if(!ctx->db) { - X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE); - return NULL; - } - if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; - } else { - X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); - ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); - return NULL; - } - - ext = do_ext_i2d(method, ext_nid, crit, ext_struc); - method->ext_free(ext_struc); - return ext; - -} - -static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, - int crit, void *ext_struc) -{ - unsigned char *ext_der, *p; - int ext_len; - ASN1_OCTET_STRING *ext_oct; - X509_EXTENSION *ext; - /* Convert internal representation to DER */ - ext_len = method->i2d(ext_struc, NULL); - if(!(ext_der = Malloc(ext_len))) goto merr; - p = ext_der; - method->i2d(ext_struc, &p); - if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; - ext_oct->data = ext_der; - ext_oct->length = ext_len; - - ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); - if(!ext) goto merr; - M_ASN1_OCTET_STRING_free(ext_oct); - - return ext; - - merr: - X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); - return NULL; - -} - -/* Given an internal structure, nid and critical flag create an extension */ - -X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) -{ - X509V3_EXT_METHOD *method; - if(!(method = X509V3_EXT_get_nid(ext_nid))) { - X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); - return NULL; - } - return do_ext_i2d(method, ext_nid, crit, ext_struc); -} - -/* Check the extension string for critical flag */ -static int v3_check_critical(char **value) -{ - char *p = *value; - if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; - p+=9; - while(isspace((unsigned char)*p)) p++; - *value = p; - return 1; -} - -/* Check extension string for generic extension and return the type */ -static int v3_check_generic(char **value) -{ - char *p = *value; - if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0; - p+=4; - while(isspace((unsigned char)*p)) p++; - *value = p; - return 1; -} - -/* Create a generic extension: for now just handle DER type */ -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, - int crit, int type) -{ -unsigned char *ext_der=NULL; -long ext_len; -ASN1_OBJECT *obj=NULL; -ASN1_OCTET_STRING *oct=NULL; -X509_EXTENSION *extension=NULL; -if(!(obj = OBJ_txt2obj(ext, 0))) { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); - ERR_add_error_data(2, "name=", ext); - goto err; -} - -if(!(ext_der = string_to_hex(value, &ext_len))) { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); - ERR_add_error_data(2, "value=", value); - goto err; -} - -if(!(oct = M_ASN1_OCTET_STRING_new())) { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE); - goto err; -} - -oct->data = ext_der; -oct->length = ext_len; -ext_der = NULL; - -extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); - -err: -ASN1_OBJECT_free(obj); -M_ASN1_OCTET_STRING_free(oct); -if(ext_der) Free(ext_der); -return extension; -} - - -/* This is the main function: add a bunch of extensions based on a config file - * section - */ - -int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509 *cert) -{ - X509_EXTENSION *ext; - STACK_OF(CONF_VALUE) *nval; - CONF_VALUE *val; - int i; - if(!(nval = CONF_get_section(conf, section))) return 0; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) - return 0; - if(cert) X509_add_ext(cert, ext, -1); - X509_EXTENSION_free(ext); - } - return 1; -} - -/* Same as above but for a CRL */ - -int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509_CRL *crl) -{ - X509_EXTENSION *ext; - STACK_OF(CONF_VALUE) *nval; - CONF_VALUE *val; - int i; - if(!(nval = CONF_get_section(conf, section))) return 0; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) - return 0; - if(crl) X509_CRL_add_ext(crl, ext, -1); - X509_EXTENSION_free(ext); - } - return 1; -} - -/* Add extensions to certificate request */ - -int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509_REQ *req) -{ - X509_EXTENSION *ext; - STACK_OF(X509_EXTENSION) *extlist = NULL; - STACK_OF(CONF_VALUE) *nval; - CONF_VALUE *val; - int i; - if(!(nval = CONF_get_section(conf, section))) return 0; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) - return 0; - if(!extlist) extlist = sk_X509_EXTENSION_new_null(); - sk_X509_EXTENSION_push(extlist, ext); - } - if(req) i = X509_REQ_add_extensions(req, extlist); - else i = 1; - sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); - return i; -} - -/* Config database functions */ - -char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) -{ - if(ctx->db_meth->get_string) - return ctx->db_meth->get_string(ctx->db, name, section); - return NULL; -} - -STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) -{ - if(ctx->db_meth->get_section) - return ctx->db_meth->get_section(ctx->db, section); - return NULL; -} - -void X509V3_string_free(X509V3_CTX *ctx, char *str) -{ - if(!str) return; - if(ctx->db_meth->free_string) - ctx->db_meth->free_string(ctx->db, str); -} - -void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) -{ - if(!section) return; - if(ctx->db_meth->free_section) - ctx->db_meth->free_section(ctx->db, section); -} - -static char *conf_lhash_get_string(void *db, char *section, char *value) -{ - return CONF_get_string(db, section, value); -} - -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) -{ - return CONF_get_section(db, section); -} - -static X509V3_CONF_METHOD conf_lhash_method = { -conf_lhash_get_string, -conf_lhash_get_section, -NULL, -NULL -}; - -void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash) -{ - ctx->db_meth = &conf_lhash_method; - ctx->db = lhash; -} - -void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, - X509_CRL *crl, int flags) -{ - ctx->issuer_cert = issuer; - ctx->subject_cert = subj; - ctx->crl = crl; - ctx->subject_req = req; - ctx->flags = flags; -} diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c deleted file mode 100644 index 466713b50d..0000000000 --- a/src/lib/libcrypto/x509v3/v3_cpols.c +++ /dev/null @@ -1,655 +0,0 @@ -/* v3_cpols.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include -#include -#include -#include - -/* Certificate policies extension support: this one is a bit complex... */ - -static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); -static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value); -static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); -static void print_notice(BIO *out, USERNOTICE *notice, int indent); -static POLICYINFO *policy_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *polstrs, int ia5org); -static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *unot, int ia5org); -static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos); - -X509V3_EXT_METHOD v3_cpols = { -NID_certificate_policies, 0, -(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new, -(X509V3_EXT_FREE)CERTIFICATEPOLICIES_free, -(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES, -(X509V3_EXT_I2D)i2d_CERTIFICATEPOLICIES, -NULL, NULL, -NULL, NULL, -(X509V3_EXT_I2R)i2r_certpol, -(X509V3_EXT_R2I)r2i_certpol, -NULL -}; - - -static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *value) -{ - STACK_OF(POLICYINFO) *pols = NULL; - char *pstr; - POLICYINFO *pol; - ASN1_OBJECT *pobj; - STACK_OF(CONF_VALUE) *vals; - CONF_VALUE *cnf; - int i, ia5org; - pols = sk_POLICYINFO_new_null(); - vals = X509V3_parse_list(value); - ia5org = 0; - for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { - cnf = sk_CONF_VALUE_value(vals, i); - if(cnf->value || !cnf->name ) { - X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER); - X509V3_conf_err(cnf); - goto err; - } - pstr = cnf->name; - if(!strcmp(pstr,"ia5org")) { - ia5org = 1; - continue; - } else if(*pstr == '@') { - STACK_OF(CONF_VALUE) *polsect; - polsect = X509V3_get_section(ctx, pstr + 1); - if(!polsect) { - X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION); - - X509V3_conf_err(cnf); - goto err; - } - pol = policy_section(ctx, polsect, ia5org); - X509V3_section_free(ctx, polsect); - if(!pol) goto err; - } else { - if(!(pobj = OBJ_txt2obj(cnf->name, 0))) { - X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER); - X509V3_conf_err(cnf); - goto err; - } - pol = POLICYINFO_new(); - pol->policyid = pobj; - } - sk_POLICYINFO_push(pols, pol); - } - sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); - return pols; - err: - sk_POLICYINFO_pop_free(pols, POLICYINFO_free); - return NULL; -} - -static POLICYINFO *policy_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *polstrs, int ia5org) -{ - int i; - CONF_VALUE *cnf; - POLICYINFO *pol; - POLICYQUALINFO *qual; - if(!(pol = POLICYINFO_new())) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { - cnf = sk_CONF_VALUE_value(polstrs, i); - if(!strcmp(cnf->name, "policyIdentifier")) { - ASN1_OBJECT *pobj; - if(!(pobj = OBJ_txt2obj(cnf->value, 0))) { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER); - X509V3_conf_err(cnf); - goto err; - } - pol->policyid = pobj; - - } else if(!name_cmp(cnf->name, "CPS")) { - if(!pol->qualifiers) pol->qualifiers = - sk_POLICYQUALINFO_new_null(); - if(!(qual = POLICYQUALINFO_new())) goto merr; - if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) - goto merr; - qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); - qual->d.cpsuri = M_ASN1_IA5STRING_new(); - if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, - strlen(cnf->value))) goto merr; - } else if(!name_cmp(cnf->name, "userNotice")) { - STACK_OF(CONF_VALUE) *unot; - if(*cnf->value != '@') { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME); - X509V3_conf_err(cnf); - goto err; - } - unot = X509V3_get_section(ctx, cnf->value + 1); - if(!unot) { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION); - - X509V3_conf_err(cnf); - goto err; - } - qual = notice_section(ctx, unot, ia5org); - X509V3_section_free(ctx, unot); - if(!qual) goto err; - if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) - goto merr; - } else { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION); - - X509V3_conf_err(cnf); - goto err; - } - } - if(!pol->policyid) { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER); - goto err; - } - - return pol; - - merr: - X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE); - - err: - POLICYINFO_free(pol); - return NULL; - - -} - -static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *unot, int ia5org) -{ - int i; - CONF_VALUE *cnf; - USERNOTICE *not; - POLICYQUALINFO *qual; - if(!(qual = POLICYQUALINFO_new())) goto merr; - qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); - if(!(not = USERNOTICE_new())) goto merr; - qual->d.usernotice = not; - for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { - cnf = sk_CONF_VALUE_value(unot, i); - if(!strcmp(cnf->name, "explicitText")) { - not->exptext = M_ASN1_VISIBLESTRING_new(); - if(!ASN1_STRING_set(not->exptext, cnf->value, - strlen(cnf->value))) goto merr; - } else if(!strcmp(cnf->name, "organization")) { - NOTICEREF *nref; - if(!not->noticeref) { - if(!(nref = NOTICEREF_new())) goto merr; - not->noticeref = nref; - } else nref = not->noticeref; - if(ia5org) nref->organization = M_ASN1_IA5STRING_new(); - else nref->organization = M_ASN1_VISIBLESTRING_new(); - if(!ASN1_STRING_set(nref->organization, cnf->value, - strlen(cnf->value))) goto merr; - } else if(!strcmp(cnf->name, "noticeNumbers")) { - NOTICEREF *nref; - STACK_OF(CONF_VALUE) *nos; - if(!not->noticeref) { - if(!(nref = NOTICEREF_new())) goto merr; - not->noticeref = nref; - } else nref = not->noticeref; - nos = X509V3_parse_list(cnf->value); - if(!nos || !sk_CONF_VALUE_num(nos)) { - X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS); - X509V3_conf_err(cnf); - goto err; - } - nref->noticenos = nref_nos(nos); - sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); - if(!nref->noticenos) goto err; - } else { - X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); - - X509V3_conf_err(cnf); - goto err; - } - } - - if(not->noticeref && - (!not->noticeref->noticenos || !not->noticeref->organization)) { - X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); - goto err; - } - - return qual; - - merr: - X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); - - err: - POLICYQUALINFO_free(qual); - return NULL; -} - -static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos) -{ - STACK *nnums; - CONF_VALUE *cnf; - ASN1_INTEGER *aint; - int i; - if(!(nnums = sk_new_null())) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { - cnf = sk_CONF_VALUE_value(nos, i); - if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { - X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); - goto err; - } - if(!sk_push(nnums, (char *)aint)) goto merr; - } - return nnums; - - merr: - X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); - - err: - sk_pop_free(nnums, ASN1_STRING_free); - return NULL; -} - - -static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, - BIO *out, int indent) -{ - int i; - POLICYINFO *pinfo; - /* First print out the policy OIDs */ - for(i = 0; i < sk_POLICYINFO_num(pol); i++) { - pinfo = sk_POLICYINFO_value(pol, i); - BIO_printf(out, "%*sPolicy: ", indent, ""); - i2a_ASN1_OBJECT(out, pinfo->policyid); - BIO_puts(out, "\n"); - if(pinfo->qualifiers) - print_qualifiers(out, pinfo->qualifiers, indent + 2); - } - return 1; -} - - -int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp) -{ - -return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL, IS_SEQUENCE);} - -STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void) -{ - return sk_POLICYINFO_new_null(); -} - -void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a) -{ - sk_POLICYINFO_pop_free(a, POLICYINFO_free); -} - -STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a, - unsigned char **pp,long length) -{ -return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO, - POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); - -} - -IMPLEMENT_STACK_OF(POLICYINFO) -IMPLEMENT_ASN1_SET_OF(POLICYINFO) - -int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT); - M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers, - i2d_POLICYQUALINFO); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT); - M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers, - i2d_POLICYQUALINFO); - - M_ASN1_I2D_finish(); -} - -POLICYINFO *POLICYINFO_new(void) -{ - POLICYINFO *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, POLICYINFO); - ret->policyid = NULL; - ret->qualifiers = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW); -} - -POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp,long length) -{ - M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT); - if(!M_ASN1_D2I_end_sequence()) { - M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers, - d2i_POLICYQUALINFO, POLICYQUALINFO_free); - } - M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO); -} - -void POLICYINFO_free(POLICYINFO *a) -{ - if (a == NULL) return; - ASN1_OBJECT_free(a->policyid); - sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free); - Free (a); -} - -static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, - int indent) -{ - POLICYQUALINFO *qualinfo; - int i; - for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { - qualinfo = sk_POLICYQUALINFO_value(quals, i); - switch(OBJ_obj2nid(qualinfo->pqualid)) - { - case NID_id_qt_cps: - BIO_printf(out, "%*sCPS: %s\n", indent, "", - qualinfo->d.cpsuri->data); - break; - - case NID_id_qt_unotice: - BIO_printf(out, "%*sUser Notice:\n", indent, ""); - print_notice(out, qualinfo->d.usernotice, indent + 2); - break; - - default: - BIO_printf(out, "%*sUnknown Qualifier: ", - indent + 2, ""); - - i2a_ASN1_OBJECT(out, qualinfo->pqualid); - BIO_puts(out, "\n"); - break; - } - } -} - -static void print_notice(BIO *out, USERNOTICE *notice, int indent) -{ - int i; - if(notice->noticeref) { - NOTICEREF *ref; - ref = notice->noticeref; - BIO_printf(out, "%*sOrganization: %s\n", indent, "", - ref->organization->data); - BIO_printf(out, "%*sNumber%s: ", indent, "", - (sk_num(ref->noticenos) > 1) ? "s" : ""); - for(i = 0; i < sk_num(ref->noticenos); i++) { - ASN1_INTEGER *num; - char *tmp; - num = (ASN1_INTEGER *)sk_value(ref->noticenos, i); - if(i) BIO_puts(out, ", "); - tmp = i2s_ASN1_INTEGER(NULL, num); - BIO_puts(out, tmp); - Free(tmp); - } - BIO_puts(out, "\n"); - } - if(notice->exptext) - BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", - notice->exptext->data); -} - - - -int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT); - switch(OBJ_obj2nid(a->pqualid)) { - case NID_id_qt_cps: - M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING); - break; - - case NID_id_qt_unotice: - M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE); - break; - - default: - M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE); - break; - } - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT); - switch(OBJ_obj2nid(a->pqualid)) { - case NID_id_qt_cps: - M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING); - break; - - case NID_id_qt_unotice: - M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE); - break; - - default: - M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE); - break; - } - - M_ASN1_I2D_finish(); -} - -POLICYQUALINFO *POLICYQUALINFO_new(void) -{ - POLICYQUALINFO *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, POLICYQUALINFO); - ret->pqualid = NULL; - ret->d.other = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW); -} - -POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp, - long length) -{ - M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT); - switch(OBJ_obj2nid(ret->pqualid)) { - case NID_id_qt_cps: - M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING); - break; - - case NID_id_qt_unotice: - M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE); - break; - - default: - M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE); - break; - } - M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO); -} - -void POLICYQUALINFO_free(POLICYQUALINFO *a) -{ - if (a == NULL) return; - switch(OBJ_obj2nid(a->pqualid)) { - case NID_id_qt_cps: - M_ASN1_IA5STRING_free(a->d.cpsuri); - break; - - case NID_id_qt_unotice: - USERNOTICE_free(a->d.usernotice); - break; - - default: - ASN1_TYPE_free(a->d.other); - break; - } - - ASN1_OBJECT_free(a->pqualid); - Free (a); -} - -int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF); - M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF); - M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT); - - M_ASN1_I2D_finish(); -} - -USERNOTICE *USERNOTICE_new(void) -{ - USERNOTICE *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, USERNOTICE); - ret->noticeref = NULL; - ret->exptext = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW); -} - -USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp,long length) -{ - M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE); - if (!M_ASN1_D2I_end_sequence()) { - M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT); - } - M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE); -} - -void USERNOTICE_free(USERNOTICE *a) -{ - if (a == NULL) return; - NOTICEREF_free(a->noticeref); - M_DISPLAYTEXT_free(a->exptext); - Free (a); -} - -int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT); - M_ASN1_I2D_len_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT); - M_ASN1_I2D_put_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER); - - M_ASN1_I2D_finish(); -} - -NOTICEREF *NOTICEREF_new(void) -{ - NOTICEREF *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, NOTICEREF); - ret->organization = NULL; - ret->noticenos = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW); -} - -NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length) -{ - M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - /* This is to cope with some broken encodings that use IA5STRING for - * the organization field - */ - M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING, - V_ASN1_IA5STRING); - if(!ret->organization) { - M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT); - } - M_ASN1_D2I_get_seq(ret->noticenos, d2i_ASN1_INTEGER, ASN1_STRING_free); - M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF); -} - -void NOTICEREF_free(NOTICEREF *a) -{ - if (a == NULL) return; - M_DISPLAYTEXT_free(a->organization); - sk_pop_free(a->noticenos, ASN1_STRING_free); - Free (a); -} - -IMPLEMENT_STACK_OF(POLICYQUALINFO) -IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO) diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c deleted file mode 100644 index e459d2595a..0000000000 --- a/src/lib/libcrypto/x509v3/v3_crld.c +++ /dev/null @@ -1,285 +0,0 @@ -/* v3_crld.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include -#include -#include -#include - -static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, - STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist); -static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); - -X509V3_EXT_METHOD v3_crld = { -NID_crl_distribution_points, X509V3_EXT_MULTILINE, -(X509V3_EXT_NEW)CRL_DIST_POINTS_new, -(X509V3_EXT_FREE)CRL_DIST_POINTS_free, -(X509V3_EXT_D2I)d2i_CRL_DIST_POINTS, -(X509V3_EXT_I2D)i2d_CRL_DIST_POINTS, -NULL, NULL, -(X509V3_EXT_I2V)i2v_crld, -(X509V3_EXT_V2I)v2i_crld, -NULL, NULL, NULL -}; - -static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, - STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts) -{ - DIST_POINT *point; - int i; - for(i = 0; i < sk_DIST_POINT_num(crld); i++) { - point = sk_DIST_POINT_value(crld, i); - if(point->distpoint->fullname) { - exts = i2v_GENERAL_NAMES(NULL, - point->distpoint->fullname, exts); - } - if(point->reasons) - X509V3_add_value("reasons","", &exts); - if(point->CRLissuer) - X509V3_add_value("CRLissuer","", &exts); - if(point->distpoint->relativename) - X509V3_add_value("RelativeName","", &exts); - } - return exts; -} - -static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ - STACK_OF(DIST_POINT) *crld = NULL; - STACK_OF(GENERAL_NAME) *gens = NULL; - GENERAL_NAME *gen = NULL; - CONF_VALUE *cnf; - int i; - if(!(crld = sk_DIST_POINT_new(NULL))) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - DIST_POINT *point; - cnf = sk_CONF_VALUE_value(nval, i); - if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; - if(!(gens = GENERAL_NAMES_new())) goto merr; - if(!sk_GENERAL_NAME_push(gens, gen)) goto merr; - gen = NULL; - if(!(point = DIST_POINT_new())) goto merr; - if(!sk_DIST_POINT_push(crld, point)) { - DIST_POINT_free(point); - goto merr; - } - if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr; - point->distpoint->fullname = gens; - gens = NULL; - } - return crld; - - merr: - X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE); - err: - GENERAL_NAME_free(gen); - GENERAL_NAMES_free(gens); - sk_DIST_POINT_pop_free(crld, DIST_POINT_free); - return NULL; -} - -int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp) -{ - -return i2d_ASN1_SET_OF_DIST_POINT(a, pp, i2d_DIST_POINT, V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL, IS_SEQUENCE);} - -STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void) -{ - return sk_DIST_POINT_new_null(); -} - -void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a) -{ - sk_DIST_POINT_pop_free(a, DIST_POINT_free); -} - -STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a, - unsigned char **pp,long length) -{ -return d2i_ASN1_SET_OF_DIST_POINT(a, pp, length, d2i_DIST_POINT, - DIST_POINT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); - -} - -IMPLEMENT_STACK_OF(DIST_POINT) -IMPLEMENT_ASN1_SET_OF(DIST_POINT) - -int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp) -{ - int v = 0; - M_ASN1_I2D_vars(a); - /* NB: underlying type is a CHOICE so need EXPLICIT tagging */ - M_ASN1_I2D_len_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v); - M_ASN1_I2D_len_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING); - M_ASN1_I2D_len_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v); - M_ASN1_I2D_put_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING, 1); - M_ASN1_I2D_put_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES, 2); - - M_ASN1_I2D_finish(); -} - -DIST_POINT *DIST_POINT_new(void) -{ - DIST_POINT *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, DIST_POINT); - ret->distpoint = NULL; - ret->reasons = NULL; - ret->CRLissuer = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_DIST_POINT_NEW); -} - -DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a,DIST_POINT *,DIST_POINT_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_EXP_opt (ret->distpoint, d2i_DIST_POINT_NAME, 0); - M_ASN1_D2I_get_IMP_opt (ret->reasons, d2i_ASN1_BIT_STRING, 1, - V_ASN1_BIT_STRING); - M_ASN1_D2I_get_IMP_opt (ret->CRLissuer, d2i_GENERAL_NAMES, 2, - V_ASN1_SEQUENCE); - M_ASN1_D2I_Finish(a, DIST_POINT_free, ASN1_F_D2I_DIST_POINT); -} - -void DIST_POINT_free(DIST_POINT *a) -{ - if (a == NULL) return; - DIST_POINT_NAME_free(a->distpoint); - M_ASN1_BIT_STRING_free(a->reasons); - sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free); - Free (a); -} - -int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - if(a->fullname) { - M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES); - } else { - M_ASN1_I2D_len_IMP_SET_opt_type(X509_NAME_ENTRY, - a->relativename, i2d_X509_NAME_ENTRY, 1); - } - - /* Don't want a SEQUENCE so... */ - if(pp == NULL) return ret; - p = *pp; - - if(a->fullname) { - M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0); - } else { - M_ASN1_I2D_put_IMP_SET_opt_type(X509_NAME_ENTRY, - a->relativename, i2d_X509_NAME_ENTRY, 1); - } - M_ASN1_I2D_finish(); -} - -DIST_POINT_NAME *DIST_POINT_NAME_new(void) -{ - DIST_POINT_NAME *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, DIST_POINT_NAME); - ret->fullname = NULL; - ret->relativename = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_DIST_POINT_NAME_NEW); -} - -void DIST_POINT_NAME_free(DIST_POINT_NAME *a) -{ - if (a == NULL) return; - sk_X509_NAME_ENTRY_pop_free(a->relativename, X509_NAME_ENTRY_free); - sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free); - Free (a); -} - -DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp, - long length) -{ - unsigned char _tmp, tag; - M_ASN1_D2I_vars(a,DIST_POINT_NAME *,DIST_POINT_NAME_new); - M_ASN1_D2I_Init(); - c.slen = length; - - _tmp = M_ASN1_next; - tag = _tmp & ~V_ASN1_CONSTRUCTED; - - if(tag == (0|V_ASN1_CONTEXT_SPECIFIC)) { - M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES, - V_ASN1_SEQUENCE); - } else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) { - M_ASN1_D2I_get_IMP_set_opt_type (X509_NAME_ENTRY, - ret->relativename, d2i_X509_NAME_ENTRY, X509_NAME_ENTRY_free, 1); - } else { - c.error = ASN1_R_BAD_TAG; - goto err; - } - - M_ASN1_D2I_Finish(a, DIST_POINT_NAME_free, ASN1_F_D2I_DIST_POINT_NAME); -} diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c deleted file mode 100644 index aecfdc87f8..0000000000 --- a/src/lib/libcrypto/x509v3/v3_enum.c +++ /dev/null @@ -1,96 +0,0 @@ -/* v3_enum.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include - -static ENUMERATED_NAMES crl_reasons[] = { -{0, "Unspecified", "unspecified"}, -{1, "Key Compromise", "keyCompromise"}, -{2, "CA Compromise", "CACompromise"}, -{3, "Affiliation Changed", "affiliationChanged"}, -{4, "Superseded", "superseded"}, -{5, "Cessation Of Operation", "cessationOfOperation"}, -{6, "Certificate Hold", "certificateHold"}, -{8, "Remove From CRL", "removeFromCRL"}, -{-1, NULL, NULL} -}; - -X509V3_EXT_METHOD v3_crl_reason = { -NID_crl_reason, 0, -(X509V3_EXT_NEW)ASN1_ENUMERATED_new, -(X509V3_EXT_FREE)ASN1_ENUMERATED_free, -(X509V3_EXT_D2I)d2i_ASN1_ENUMERATED, -(X509V3_EXT_I2D)i2d_ASN1_ENUMERATED, -(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, -(X509V3_EXT_S2I)0, -NULL, NULL, NULL, NULL, crl_reasons}; - - -char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, - ASN1_ENUMERATED *e) -{ - ENUMERATED_NAMES *enam; - long strval; - strval = ASN1_ENUMERATED_get(e); - for(enam = method->usr_data; enam->lname; enam++) { - if(strval == enam->bitnum) return BUF_strdup(enam->lname); - } - return i2s_ASN1_ENUMERATED(method, e); -} diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c deleted file mode 100644 index e039d21cbf..0000000000 --- a/src/lib/libcrypto/x509v3/v3_extku.c +++ /dev/null @@ -1,150 +0,0 @@ -/* v3_extku.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - -#include -#include "cryptlib.h" -#include -#include -#include - -static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method, - STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *extlist); -X509V3_EXT_METHOD v3_ext_ku = { -NID_ext_key_usage, 0, -(X509V3_EXT_NEW)ext_ku_new, -(X509V3_EXT_FREE)ext_ku_free, -(X509V3_EXT_D2I)d2i_ext_ku, -(X509V3_EXT_I2D)i2d_ext_ku, -NULL, NULL, -(X509V3_EXT_I2V)i2v_ext_ku, -(X509V3_EXT_V2I)v2i_ext_ku, -NULL,NULL, -NULL -}; - -STACK_OF(ASN1_OBJECT) *ext_ku_new(void) -{ - return sk_ASN1_OBJECT_new_null(); -} - -void ext_ku_free(STACK_OF(ASN1_OBJECT) *eku) -{ - sk_ASN1_OBJECT_pop_free(eku, ASN1_OBJECT_free); - return; -} - -int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp) -{ - return i2d_ASN1_SET_OF_ASN1_OBJECT(a, pp, i2d_ASN1_OBJECT, - V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); -} - -STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a, - unsigned char **pp, long length) -{ - return d2i_ASN1_SET_OF_ASN1_OBJECT(a, pp, length, d2i_ASN1_OBJECT, - ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); -} - - - -static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method, - STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *ext_list) -{ -int i; -ASN1_OBJECT *obj; -char obj_tmp[80]; -for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { - obj = sk_ASN1_OBJECT_value(eku, i); - i2t_ASN1_OBJECT(obj_tmp, 80, obj); - X509V3_add_value(NULL, obj_tmp, &ext_list); -} -return ext_list; -} - -static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ -STACK_OF(ASN1_OBJECT) *extku; -char *extval; -ASN1_OBJECT *objtmp; -CONF_VALUE *val; -int i; - -if(!(extku = sk_ASN1_OBJECT_new(NULL))) { - X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE); - return NULL; -} - -for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - if(val->value) extval = val->value; - else extval = val->name; - if(!(objtmp = OBJ_txt2obj(extval, 0))) { - sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); - X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER); - X509V3_conf_err(val); - return NULL; - } - sk_ASN1_OBJECT_push(extku, objtmp); -} -return extku; -} diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c deleted file mode 100644 index 894afa7e03..0000000000 --- a/src/lib/libcrypto/x509v3/v3_genn.c +++ /dev/null @@ -1,291 +0,0 @@ -/* v3_genn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - -#include -#include "cryptlib.h" -#include -#include -#include -#include - -int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp) -{ - unsigned char *p; - int ret; - - ret = 0; - - /* Save the location of initial TAG */ - if(pp) p = *pp; - else p = NULL; - - /* GEN_DNAME needs special treatment because of EXPLICIT tag */ - - if(a->type == GEN_DIRNAME) { - int v = 0; - M_ASN1_I2D_len_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v); - if(!p) return ret; - M_ASN1_I2D_put_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v); - *pp = p; - return ret; - } - - switch(a->type) { - - case GEN_X400: - case GEN_EDIPARTY: - ret = i2d_ASN1_TYPE(a->d.other, pp); - break; - - case GEN_OTHERNAME: - ret = i2d_OTHERNAME(a->d.otherName, pp); - break; - - case GEN_EMAIL: - case GEN_DNS: - case GEN_URI: - ret = i2d_ASN1_IA5STRING(a->d.ia5, pp); - break; - - case GEN_IPADD: - ret = i2d_ASN1_OCTET_STRING(a->d.ip, pp); - break; - - case GEN_RID: - ret = i2d_ASN1_OBJECT(a->d.rid, pp); - break; - } - /* Replace TAG with IMPLICIT value */ - if(p) *p = (*p & V_ASN1_CONSTRUCTED) | a->type; - return ret; -} - -GENERAL_NAME *GENERAL_NAME_new() -{ - GENERAL_NAME *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, GENERAL_NAME); - ret->type = -1; - ret->d.ptr = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_GENERAL_NAME_NEW); -} - -GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp, - long length) -{ - unsigned char _tmp; - M_ASN1_D2I_vars(a,GENERAL_NAME *,GENERAL_NAME_new); - M_ASN1_D2I_Init(); - c.slen = length; - - _tmp = M_ASN1_next; - ret->type = _tmp & ~V_ASN1_CONSTRUCTED; - - switch(ret->type) { - /* Just put these in a "blob" for now */ - case GEN_X400: - case GEN_EDIPARTY: - M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE); - break; - - case GEN_OTHERNAME: - M_ASN1_D2I_get_imp(ret->d.otherName, d2i_OTHERNAME,V_ASN1_SEQUENCE); - break; - - case GEN_EMAIL: - case GEN_DNS: - case GEN_URI: - M_ASN1_D2I_get_imp(ret->d.ia5, d2i_ASN1_IA5STRING, - V_ASN1_IA5STRING); - break; - - case GEN_DIRNAME: - M_ASN1_D2I_get_EXP_opt(ret->d.dirn, d2i_X509_NAME, 4); - break; - - case GEN_IPADD: - M_ASN1_D2I_get_imp(ret->d.ip, d2i_ASN1_OCTET_STRING, - V_ASN1_OCTET_STRING); - break; - - case GEN_RID: - M_ASN1_D2I_get_imp(ret->d.rid, d2i_ASN1_OBJECT,V_ASN1_OBJECT); - break; - - default: - c.error = ASN1_R_BAD_TAG; - goto err; - } - - c.slen = 0; - M_ASN1_D2I_Finish(a, GENERAL_NAME_free, ASN1_F_D2I_GENERAL_NAME); -} - -void GENERAL_NAME_free(GENERAL_NAME *a) -{ - if (a == NULL) return; - switch(a->type) { - case GEN_X400: - case GEN_EDIPARTY: - ASN1_TYPE_free(a->d.other); - break; - - case GEN_OTHERNAME: - OTHERNAME_free(a->d.otherName); - break; - - case GEN_EMAIL: - case GEN_DNS: - case GEN_URI: - - M_ASN1_IA5STRING_free(a->d.ia5); - break; - - case GEN_DIRNAME: - X509_NAME_free(a->d.dirn); - break; - - case GEN_IPADD: - M_ASN1_OCTET_STRING_free(a->d.ip); - break; - - case GEN_RID: - ASN1_OBJECT_free(a->d.rid); - break; - - } - Free (a); -} - -/* Now the GeneralNames versions: a SEQUENCE OF GeneralName. These are needed as - * explicit functions. - */ - -STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new() -{ - return sk_GENERAL_NAME_new(NULL); -} - -void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a) -{ - sk_GENERAL_NAME_pop_free(a, GENERAL_NAME_free); -} - -STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a, - unsigned char **pp, long length) -{ -return d2i_ASN1_SET_OF_GENERAL_NAME(a, pp, length, d2i_GENERAL_NAME, - GENERAL_NAME_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); -} - -int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp) -{ -return i2d_ASN1_SET_OF_GENERAL_NAME(a, pp, i2d_GENERAL_NAME, V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL, IS_SEQUENCE); -} - -IMPLEMENT_STACK_OF(GENERAL_NAME) -IMPLEMENT_ASN1_SET_OF(GENERAL_NAME) - -int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp) -{ - int v = 0; - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len(a->type_id, i2d_ASN1_OBJECT); - M_ASN1_I2D_len_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(a->type_id, i2d_ASN1_OBJECT); - M_ASN1_I2D_put_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v); - - M_ASN1_I2D_finish(); -} - -OTHERNAME *OTHERNAME_new(void) -{ - OTHERNAME *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, OTHERNAME); - ret->type_id = OBJ_nid2obj(NID_undef); - M_ASN1_New(ret->value, ASN1_TYPE_new); - return (ret); - M_ASN1_New_Error(ASN1_F_OTHERNAME_NEW); -} - -OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a,OTHERNAME *,OTHERNAME_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->type_id, d2i_ASN1_OBJECT); - M_ASN1_D2I_get_EXP_opt(ret->value, d2i_ASN1_TYPE, 0); - M_ASN1_D2I_Finish(a, OTHERNAME_free, ASN1_F_D2I_OTHERNAME); -} - -void OTHERNAME_free(OTHERNAME *a) -{ - if (a == NULL) return; - ASN1_OBJECT_free(a->type_id); - ASN1_TYPE_free(a->value); - Free (a); -} - diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c deleted file mode 100644 index af3525f33e..0000000000 --- a/src/lib/libcrypto/x509v3/v3_ia5.c +++ /dev/null @@ -1,113 +0,0 @@ -/* v3_ia5.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - -#include -#include "cryptlib.h" -#include -#include -#include - -static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); -static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); -X509V3_EXT_METHOD v3_ns_ia5_list[] = { -EXT_IA5STRING(NID_netscape_base_url), -EXT_IA5STRING(NID_netscape_revocation_url), -EXT_IA5STRING(NID_netscape_ca_revocation_url), -EXT_IA5STRING(NID_netscape_renewal_url), -EXT_IA5STRING(NID_netscape_ca_policy_url), -EXT_IA5STRING(NID_netscape_ssl_server_name), -EXT_IA5STRING(NID_netscape_comment), -EXT_END -}; - - -static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, - ASN1_IA5STRING *ia5) -{ - char *tmp; - if(!ia5 || !ia5->length) return NULL; - tmp = Malloc(ia5->length + 1); - memcpy(tmp, ia5->data, ia5->length); - tmp[ia5->length] = 0; - return tmp; -} - -static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str) -{ - ASN1_IA5STRING *ia5; - if(!str) { - X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT); - return NULL; - } - if(!(ia5 = M_ASN1_IA5STRING_new())) goto err; - if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str, - strlen(str))) { - M_ASN1_IA5STRING_free(ia5); - goto err; - } -#ifdef CHARSET_EBCDIC - ebcdic2ascii(ia5->data, ia5->data, ia5->length); -#endif /*CHARSET_EBCDIC*/ - return ia5; - err: - X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); - return NULL; -} - diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c deleted file mode 100644 index 78d2135046..0000000000 --- a/src/lib/libcrypto/x509v3/v3_info.c +++ /dev/null @@ -1,236 +0,0 @@ -/* v3_info.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include -#include -#include -#include - -static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, - STACK_OF(ACCESS_DESCRIPTION) *ainfo, - STACK_OF(CONF_VALUE) *ret); -static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); - -X509V3_EXT_METHOD v3_info = -{ NID_info_access, X509V3_EXT_MULTILINE, -(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new, -(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free, -(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS, -(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS, -NULL, NULL, -(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, -(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, -NULL, NULL, NULL}; - -static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, - STACK_OF(ACCESS_DESCRIPTION) *ainfo, - STACK_OF(CONF_VALUE) *ret) -{ - ACCESS_DESCRIPTION *desc; - int i; - char objtmp[80], *ntmp; - CONF_VALUE *vtmp; - for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { - desc = sk_ACCESS_DESCRIPTION_value(ainfo, i); - ret = i2v_GENERAL_NAME(method, desc->location, ret); - if(!ret) break; - vtmp = sk_CONF_VALUE_value(ret, i); - i2t_ASN1_OBJECT(objtmp, 80, desc->method); - ntmp = Malloc(strlen(objtmp) + strlen(vtmp->name) + 5); - if(!ntmp) { - X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, - ERR_R_MALLOC_FAILURE); - return NULL; - } - strcpy(ntmp, objtmp); - strcat(ntmp, " - "); - strcat(ntmp, vtmp->name); - Free(vtmp->name); - vtmp->name = ntmp; - - } - if(!ret) return sk_CONF_VALUE_new_null(); - return ret; -} - -static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ - STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL; - CONF_VALUE *cnf, ctmp; - ACCESS_DESCRIPTION *acc; - int i, objlen; - char *objtmp, *ptmp; - if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); - return NULL; - } - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); - if(!(acc = ACCESS_DESCRIPTION_new()) - || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); - goto err; - } - ptmp = strchr(cnf->name, ';'); - if(!ptmp) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX); - goto err; - } - objlen = ptmp - cnf->name; - ctmp.name = ptmp + 1; - ctmp.value = cnf->value; - if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp))) - goto err; - if(!(objtmp = Malloc(objlen + 1))) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); - goto err; - } - strncpy(objtmp, cnf->name, objlen); - objtmp[objlen] = 0; - acc->method = OBJ_txt2obj(objtmp, 0); - if(!acc->method) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT); - ERR_add_error_data(2, "value=", objtmp); - Free(objtmp); - goto err; - } - Free(objtmp); - - } - return ainfo; - err: - sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); - return NULL; -} - -int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT); - M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT); - M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME); - - M_ASN1_I2D_finish(); -} - -ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void) -{ - ACCESS_DESCRIPTION *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION); - ret->method = OBJ_nid2obj(NID_undef); - ret->location = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW); -} - -ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp, - long length) -{ - M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT); - M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME); - M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION); -} - -void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a) -{ - if (a == NULL) return; - ASN1_OBJECT_free(a->method); - GENERAL_NAME_free(a->location); - Free (a); -} - -STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void) -{ - return sk_ACCESS_DESCRIPTION_new(NULL); -} - -void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a) -{ - sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free); -} - -STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a, - unsigned char **pp, long length) -{ -return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION, - ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); -} - -int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp) -{ -return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL, IS_SEQUENCE); -} - -IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION) -IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION) - - diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c deleted file mode 100644 index 63c201e5f4..0000000000 --- a/src/lib/libcrypto/x509v3/v3_int.c +++ /dev/null @@ -1,72 +0,0 @@ -/* v3_int.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include - -X509V3_EXT_METHOD v3_crl_num = { -NID_crl_number, 0, -(X509V3_EXT_NEW)ASN1_INTEGER_new, -(X509V3_EXT_FREE)ASN1_INTEGER_free, -(X509V3_EXT_D2I)d2i_ASN1_INTEGER, -(X509V3_EXT_I2D)i2d_ASN1_INTEGER, -(X509V3_EXT_I2S)i2s_ASN1_INTEGER, -(X509V3_EXT_S2I)0, -NULL, NULL, NULL, NULL, NULL}; - diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c deleted file mode 100644 index 4242d130a2..0000000000 --- a/src/lib/libcrypto/x509v3/v3_lib.c +++ /dev/null @@ -1,221 +0,0 @@ -/* v3_lib.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* X509 v3 extension utilities */ - -#include -#include "cryptlib.h" -#include -#include - -#include "ext_dat.h" - -static STACK *ext_list = NULL; - -static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b); -static void ext_list_free(X509V3_EXT_METHOD *ext); - -int X509V3_EXT_add(X509V3_EXT_METHOD *ext) -{ - if(!ext_list && !(ext_list = sk_new(ext_cmp))) { - X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); - return 0; - } - if(!sk_push(ext_list, (char *)ext)) { - X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; -} - -static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b) -{ - return ((*a)->ext_nid - (*b)->ext_nid); -} - -X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) -{ - X509V3_EXT_METHOD tmp, *t = &tmp, **ret; - int idx; - if(nid < 0) return NULL; - tmp.ext_nid = nid; - ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t, - (char *)standard_exts, STANDARD_EXTENSION_COUNT, - sizeof(X509V3_EXT_METHOD *), (int (*)())ext_cmp); - if(ret) return *ret; - if(!ext_list) return NULL; - idx = sk_find(ext_list, (char *)&tmp); - if(idx == -1) return NULL; - return (X509V3_EXT_METHOD *)sk_value(ext_list, idx); -} - -X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) -{ - int nid; - if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL; - return X509V3_EXT_get_nid(nid); -} - - -int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) -{ - for(;extlist->ext_nid!=-1;extlist++) - if(!X509V3_EXT_add(extlist)) return 0; - return 1; -} - -int X509V3_EXT_add_alias(int nid_to, int nid_from) -{ - X509V3_EXT_METHOD *ext, *tmpext; - if(!(ext = X509V3_EXT_get_nid(nid_from))) { - X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND); - return 0; - } - if(!(tmpext = (X509V3_EXT_METHOD *)Malloc(sizeof(X509V3_EXT_METHOD)))) { - X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE); - return 0; - } - *tmpext = *ext; - tmpext->ext_nid = nid_to; - tmpext->ext_flags |= X509V3_EXT_DYNAMIC; - return X509V3_EXT_add(tmpext); -} - -void X509V3_EXT_cleanup(void) -{ - sk_pop_free(ext_list, ext_list_free); - ext_list = NULL; -} - -static void ext_list_free(X509V3_EXT_METHOD *ext) -{ - if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext); -} - -/* Legacy function: we don't need to add standard extensions - * any more because they are now kept in ext_dat.h. - */ - -int X509V3_add_standard_extensions(void) -{ - return 1; -} - -/* Return an extension internal structure */ - -void *X509V3_EXT_d2i(X509_EXTENSION *ext) -{ - X509V3_EXT_METHOD *method; - unsigned char *p; - if(!(method = X509V3_EXT_get(ext)) || !method->d2i) return NULL; - p = ext->value->data; - return method->d2i(NULL, &p, ext->value->length); -} - -/* Get critical flag and decoded version of extension from a NID. - * The "idx" variable returns the last found extension and can - * be used to retrieve multiple extensions of the same NID. - * However multiple extensions with the same NID is usually - * due to a badly encoded certificate so if idx is NULL we - * choke if multiple extensions exist. - * The "crit" variable is set to the critical value. - * The return value is the decoded extension or NULL on - * error. The actual error can have several different causes, - * the value of *crit reflects the cause: - * >= 0, extension found but not decoded (reflects critical value). - * -1 extension not found. - * -2 extension occurs more than once. - */ - -void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) -{ - int lastpos, i; - X509_EXTENSION *ex, *found_ex = NULL; - if(!x) { - if(idx) *idx = -1; - if(crit) *crit = -1; - return NULL; - } - if(idx) lastpos = *idx + 1; - else lastpos = 0; - if(lastpos < 0) lastpos = 0; - for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++) - { - ex = sk_X509_EXTENSION_value(x, i); - if(OBJ_obj2nid(ex->object) == nid) { - if(idx) { - *idx = i; - break; - } else if(found_ex) { - /* Found more than one */ - if(crit) *crit = -2; - return NULL; - } - found_ex = ex; - } - } - if(found_ex) { - /* Found it */ - if(crit) *crit = found_ex->critical; - return X509V3_EXT_d2i(found_ex); - } - - /* Extension not found */ - if(idx) *idx = -1; - if(crit) *crit = -1; - return NULL; -} diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c deleted file mode 100644 index 30a62c6090..0000000000 --- a/src/lib/libcrypto/x509v3/v3_pku.c +++ /dev/null @@ -1,151 +0,0 @@ -/* v3_pku.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include -#include -#include - -static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent); -/* -static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); -*/ -X509V3_EXT_METHOD v3_pkey_usage_period = { -NID_private_key_usage_period, 0, -(X509V3_EXT_NEW)PKEY_USAGE_PERIOD_new, -(X509V3_EXT_FREE)PKEY_USAGE_PERIOD_free, -(X509V3_EXT_D2I)d2i_PKEY_USAGE_PERIOD, -(X509V3_EXT_I2D)i2d_PKEY_USAGE_PERIOD, -NULL, NULL, NULL, NULL, -(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL, -NULL -}; - -int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME); - M_ASN1_I2D_len_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME, 0); - M_ASN1_I2D_put_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME, 1); - - M_ASN1_I2D_finish(); -} - -PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void) -{ - PKEY_USAGE_PERIOD *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, PKEY_USAGE_PERIOD); - ret->notBefore = NULL; - ret->notAfter = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_PKEY_USAGE_PERIOD_NEW); -} - -PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, - unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a,PKEY_USAGE_PERIOD *,PKEY_USAGE_PERIOD_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_IMP_opt (ret->notBefore, d2i_ASN1_GENERALIZEDTIME, 0, - V_ASN1_GENERALIZEDTIME); - M_ASN1_D2I_get_IMP_opt (ret->notAfter, d2i_ASN1_GENERALIZEDTIME, 1, - V_ASN1_GENERALIZEDTIME); - M_ASN1_D2I_Finish(a, PKEY_USAGE_PERIOD_free, ASN1_F_D2I_PKEY_USAGE_PERIOD); -} - -void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a) -{ - if (a == NULL) return; - M_ASN1_GENERALIZEDTIME_free(a->notBefore); - M_ASN1_GENERALIZEDTIME_free(a->notAfter); - Free (a); -} - -static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, - PKEY_USAGE_PERIOD *usage, BIO *out, int indent) -{ - BIO_printf(out, "%*s", indent, ""); - if(usage->notBefore) { - BIO_write(out, "Not Before: ", 12); - ASN1_GENERALIZEDTIME_print(out, usage->notBefore); - if(usage->notAfter) BIO_write(out, ", ", 2); - } - if(usage->notAfter) { - BIO_write(out, "Not After: ", 11); - ASN1_GENERALIZEDTIME_print(out, usage->notAfter); - } - return 1; -} - -/* -static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values) -X509V3_EXT_METHOD *method; -X509V3_CTX *ctx; -STACK_OF(CONF_VALUE) *values; -{ -return NULL; -} -*/ diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c deleted file mode 100644 index bee624c6be..0000000000 --- a/src/lib/libcrypto/x509v3/v3_prn.c +++ /dev/null @@ -1,151 +0,0 @@ -/* v3_prn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* X509 v3 extension utilities */ - -#include -#include "cryptlib.h" -#include -#include - -/* Extension printing routines */ - -/* Print out a name+value stack */ - -void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) -{ - int i; - CONF_VALUE *nval; - if(!val) return; - if(!ml || !sk_CONF_VALUE_num(val)) { - BIO_printf(out, "%*s", indent, ""); - if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "\n"); - } - for(i = 0; i < sk_CONF_VALUE_num(val); i++) { - if(ml) BIO_printf(out, "%*s", indent, ""); - else if(i > 0) BIO_printf(out, ", "); - nval = sk_CONF_VALUE_value(val, i); - if(!nval->name) BIO_puts(out, nval->value); - else if(!nval->value) BIO_puts(out, nval->name); -#ifndef CHARSET_EBCDIC - else BIO_printf(out, "%s:%s", nval->name, nval->value); -#else - else { - char tmp[10240]; /* 10k is BIO_printf's limit anyway */ - ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1); - BIO_printf(out, "%s:%s", nval->name, tmp); - } -#endif - if(ml) BIO_puts(out, "\n"); - } -} - -/* Main routine: print out a general extension */ - -int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent) -{ - char *ext_str = NULL, *value = NULL; - unsigned char *p; - X509V3_EXT_METHOD *method; - STACK_OF(CONF_VALUE) *nval = NULL; - int ok = 1; - if(!(method = X509V3_EXT_get(ext))) return 0; - p = ext->value->data; - if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0; - if(method->i2s) { - if(!(value = method->i2s(method, ext_str))) { - ok = 0; - goto err; - } -#ifndef CHARSET_EBCDIC - BIO_printf(out, "%*s%s", indent, "", value); -#else - { - char tmp[10240]; /* 10k is BIO_printf's limit anyway */ - ascii2ebcdic(tmp, value, strlen(value)+1); - BIO_printf(out, "%*s%s", indent, "", tmp); - } -#endif - } else if(method->i2v) { - if(!(nval = method->i2v(method, ext_str, NULL))) { - ok = 0; - goto err; - } - X509V3_EXT_val_prn(out, nval, indent, - method->ext_flags & X509V3_EXT_MULTILINE); - } else if(method->i2r) { - if(!method->i2r(method, ext_str, out, indent)) ok = 0; - } else ok = 0; - - err: - sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); - if(value) Free(value); - method->ext_free(ext_str); - return ok; -} - -#ifndef NO_FP_API -int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) -{ - BIO *bio_tmp; - int ret; - if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0; - ret = X509V3_EXT_print(bio_tmp, ext, flag, indent); - BIO_free(bio_tmp); - return ret; -} -#endif diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c deleted file mode 100644 index 5594a1d64f..0000000000 --- a/src/lib/libcrypto/x509v3/v3_purp.c +++ /dev/null @@ -1,463 +0,0 @@ -/* v3_purp.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include - - -static void x509v3_cache_extensions(X509 *x); - -static int ca_check(X509 *x); -static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca); -static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); -static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); -static int purpose_smime(X509 *x, int ca); -static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca); -static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca); -static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca); -static int no_check(X509_PURPOSE *xp, X509 *x, int ca); - -static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b); -static void xptable_free(X509_PURPOSE *p); - -static X509_PURPOSE xstandard[] = { - {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL}, - {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL}, - {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, - {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL}, - {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, - {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL}, - {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL}, -}; - -#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) - -IMPLEMENT_STACK_OF(X509_PURPOSE) - -static STACK_OF(X509_PURPOSE) *xptable = NULL; - -static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b) -{ - return (*a)->purpose - (*b)->purpose; -} - -int X509_check_purpose(X509 *x, int id, int ca) -{ - int idx; - X509_PURPOSE *pt; - if(!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_w_lock(CRYPTO_LOCK_X509); - x509v3_cache_extensions(x); - CRYPTO_w_unlock(CRYPTO_LOCK_X509); - } - if(id == -1) return 1; - idx = X509_PURPOSE_get_by_id(id); - if(idx == -1) return -1; - pt = X509_PURPOSE_get0(idx); - return pt->check_purpose(pt, x, ca); -} - -int X509_PURPOSE_get_count(void) -{ - if(!xptable) return X509_PURPOSE_COUNT; - return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT; -} - -X509_PURPOSE * X509_PURPOSE_get0(int idx) -{ - if(idx < 0) return NULL; - if(idx < X509_PURPOSE_COUNT) return xstandard + idx; - return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); -} - -int X509_PURPOSE_get_by_sname(char *sname) -{ - int i; - X509_PURPOSE *xptmp; - for(i = 0; i < X509_PURPOSE_get_count(); i++) { - xptmp = X509_PURPOSE_get0(i); - if(!strcmp(xptmp->sname, sname)) return i; - } - return -1; -} - - -int X509_PURPOSE_get_by_id(int purpose) -{ - X509_PURPOSE tmp; - int idx; - if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) - return purpose - X509_PURPOSE_MIN; - tmp.purpose = purpose; - if(!xptable) return -1; - idx = sk_X509_PURPOSE_find(xptable, &tmp); - if(idx == -1) return -1; - return idx + X509_PURPOSE_COUNT; -} - -int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck)(X509_PURPOSE *, X509 *, int), - char *name, char *sname, void *arg) -{ - int idx; - X509_PURPOSE *ptmp; - /* This is set according to what we change: application can't set it */ - flags &= ~X509_PURPOSE_DYNAMIC; - /* This will always be set for application modified trust entries */ - flags |= X509_PURPOSE_DYNAMIC_NAME; - /* Get existing entry if any */ - idx = X509_PURPOSE_get_by_id(id); - /* Need a new entry */ - if(idx == -1) { - if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) { - X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); - return 0; - } - ptmp->flags = X509_PURPOSE_DYNAMIC; - } else ptmp = X509_PURPOSE_get0(idx); - - /* Free existing name if dynamic */ - if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { - Free(ptmp->name); - Free(ptmp->sname); - } - /* dup supplied name */ - ptmp->name = BUF_strdup(name); - ptmp->sname = BUF_strdup(sname); - if(!ptmp->name || !ptmp->sname) { - X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); - return 0; - } - /* Keep the dynamic flag of existing entry */ - ptmp->flags &= X509_PURPOSE_DYNAMIC; - /* Set all other flags */ - ptmp->flags |= flags; - - ptmp->purpose = id; - ptmp->trust = trust; - ptmp->check_purpose = ck; - ptmp->usr_data = arg; - - /* If its a new entry manage the dynamic table */ - if(idx == -1) { - if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { - X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); - return 0; - } - if (!sk_X509_PURPOSE_push(xptable, ptmp)) { - X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); - return 0; - } - } - return 1; -} - -static void xptable_free(X509_PURPOSE *p) - { - if(!p) return; - if (p->flags & X509_PURPOSE_DYNAMIC) - { - if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { - Free(p->name); - Free(p->sname); - } - Free(p); - } - } - -void X509_PURPOSE_cleanup(void) -{ - int i; - sk_X509_PURPOSE_pop_free(xptable, xptable_free); - for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); - xptable = NULL; -} - -int X509_PURPOSE_get_id(X509_PURPOSE *xp) -{ - return xp->purpose; -} - -char *X509_PURPOSE_get0_name(X509_PURPOSE *xp) -{ - return xp->name; -} - -char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp) -{ - return xp->sname; -} - -int X509_PURPOSE_get_trust(X509_PURPOSE *xp) -{ - return xp->trust; -} - -#ifndef NO_SHA -static void x509v3_cache_extensions(X509 *x) -{ - BASIC_CONSTRAINTS *bs; - ASN1_BIT_STRING *usage; - ASN1_BIT_STRING *ns; - STACK_OF(ASN1_OBJECT) *extusage; - int i; - if(x->ex_flags & EXFLAG_SET) return; - X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); - /* Does subject name match issuer ? */ - if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) - x->ex_flags |= EXFLAG_SS; - /* V1 should mean no extensions ... */ - if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; - /* Handle basic constraints */ - if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) { - if(bs->ca) x->ex_flags |= EXFLAG_CA; - if(bs->pathlen) { - if((bs->pathlen->type == V_ASN1_NEG_INTEGER) - || !bs->ca) { - x->ex_flags |= EXFLAG_INVALID; - x->ex_pathlen = 0; - } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); - } else x->ex_pathlen = -1; - BASIC_CONSTRAINTS_free(bs); - x->ex_flags |= EXFLAG_BCONS; - } - /* Handle key usage */ - if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { - if(usage->length > 0) { - x->ex_kusage = usage->data[0]; - if(usage->length > 1) - x->ex_kusage |= usage->data[1] << 8; - } else x->ex_kusage = 0; - x->ex_flags |= EXFLAG_KUSAGE; - ASN1_BIT_STRING_free(usage); - } - x->ex_xkusage = 0; - if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) { - x->ex_flags |= EXFLAG_XKUSAGE; - for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { - switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) { - case NID_server_auth: - x->ex_xkusage |= XKU_SSL_SERVER; - break; - - case NID_client_auth: - x->ex_xkusage |= XKU_SSL_CLIENT; - break; - - case NID_email_protect: - x->ex_xkusage |= XKU_SMIME; - break; - - case NID_code_sign: - x->ex_xkusage |= XKU_CODE_SIGN; - break; - - case NID_ms_sgc: - case NID_ns_sgc: - x->ex_xkusage |= XKU_SGC; - } - } - sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); - } - - if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) { - if(ns->length > 0) x->ex_nscert = ns->data[0]; - else x->ex_nscert = 0; - x->ex_flags |= EXFLAG_NSCERT; - ASN1_BIT_STRING_free(ns); - } - x->ex_flags |= EXFLAG_SET; -} -#endif - -/* CA checks common to all purposes - * return codes: - * 0 not a CA - * 1 is a CA - * 2 basicConstraints absent so "maybe" a CA - * 3 basicConstraints absent but self signed V1. - */ - -#define V1_ROOT (EXFLAG_V1|EXFLAG_SS) -#define ku_reject(x, usage) \ - (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) -#define xku_reject(x, usage) \ - (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) -#define ns_reject(x, usage) \ - (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) - -static int ca_check(X509 *x) -{ - /* keyUsage if present should allow cert signing */ - if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; - if(x->ex_flags & EXFLAG_BCONS) { - if(x->ex_flags & EXFLAG_CA) return 1; - /* If basicConstraints says not a CA then say so */ - else return 0; - } else { - if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; - else return 2; - } -} - - -static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca) -{ - if(xku_reject(x,XKU_SSL_CLIENT)) return 0; - if(ca) { - int ca_ret; - ca_ret = ca_check(x); - if(!ca_ret) return 0; - /* check nsCertType if present */ - if(x->ex_flags & EXFLAG_NSCERT) { - if(x->ex_nscert & NS_SSL_CA) return ca_ret; - return 0; - } - if(ca_ret != 2) return ca_ret; - else return 0; - } - /* We need to do digital signatures with it */ - if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0; - /* nsCertType if present should allow SSL client use */ - if(ns_reject(x, NS_SSL_CLIENT)) return 0; - return 1; -} - -static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) -{ - if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0; - /* Otherwise same as SSL client for a CA */ - if(ca) return check_purpose_ssl_client(xp, x, 1); - - if(ns_reject(x, NS_SSL_SERVER)) return 0; - /* Now as for keyUsage: we'll at least need to sign OR encipher */ - if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0; - - return 1; - -} - -static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) -{ - int ret; - ret = check_purpose_ssl_server(xp, x, ca); - if(!ret || ca) return ret; - /* We need to encipher or Netscape complains */ - if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; - return ret; -} - -/* common S/MIME checks */ -static int purpose_smime(X509 *x, int ca) -{ - if(xku_reject(x,XKU_SMIME)) return 0; - if(ca) { - int ca_ret; - ca_ret = ca_check(x); - if(!ca_ret) return 0; - /* check nsCertType if present */ - if(x->ex_flags & EXFLAG_NSCERT) { - if(x->ex_nscert & NS_SMIME_CA) return ca_ret; - return 0; - } - if(ca_ret != 2) return ca_ret; - else return 0; - } - if(x->ex_flags & EXFLAG_NSCERT) { - if(x->ex_nscert & NS_SMIME) return 1; - /* Workaround for some buggy certificates */ - if(x->ex_nscert & NS_SSL_CLIENT) return 2; - return 0; - } - return 1; -} - -static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca) -{ - int ret; - ret = purpose_smime(x, ca); - if(!ret || ca) return ret; - if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0; - return ret; -} - -static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca) -{ - int ret; - ret = purpose_smime(x, ca); - if(!ret || ca) return ret; - if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; - return ret; -} - -static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca) -{ - if(ca) { - int ca_ret; - if((ca_ret = ca_check(x)) != 2) return ca_ret; - else return 0; - } - if(ku_reject(x, KU_CRL_SIGN)) return 0; - return 1; -} - -static int no_check(X509_PURPOSE *xp, X509 *x, int ca) -{ - return 1; -} diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c deleted file mode 100644 index 939845fa8f..0000000000 --- a/src/lib/libcrypto/x509v3/v3_skey.c +++ /dev/null @@ -1,149 +0,0 @@ -/* v3_skey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - -#include -#include "cryptlib.h" -#include - -static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); -X509V3_EXT_METHOD v3_skey_id = { -NID_subject_key_identifier, 0, -(X509V3_EXT_NEW)ASN1_OCTET_STRING_new, -(X509V3_EXT_FREE)ASN1_OCTET_STRING_free, -(X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING, -(X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING, -(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, -(X509V3_EXT_S2I)s2i_skey_id, -NULL, NULL, NULL, NULL, NULL}; - -char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - ASN1_OCTET_STRING *oct) -{ - return hex_to_string(oct->data, oct->length); -} - -ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str) -{ - ASN1_OCTET_STRING *oct; - long length; - - if(!(oct = M_ASN1_OCTET_STRING_new())) { - X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); - return NULL; - } - - if(!(oct->data = string_to_hex(str, &length))) { - M_ASN1_OCTET_STRING_free(oct); - return NULL; - } - - oct->length = length; - - return oct; - -} - -static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str) -{ - ASN1_OCTET_STRING *oct; - ASN1_BIT_STRING *pk; - unsigned char pkey_dig[EVP_MAX_MD_SIZE]; - EVP_MD_CTX md; - unsigned int diglen; - - if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); - - if(!(oct = M_ASN1_OCTET_STRING_new())) { - X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); - return NULL; - } - - if(ctx && (ctx->flags == CTX_TEST)) return oct; - - if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) { - X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); - goto err; - } - - if(ctx->subject_req) - pk = ctx->subject_req->req_info->pubkey->public_key; - else pk = ctx->subject_cert->cert_info->key->public_key; - - if(!pk) { - X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); - goto err; - } - - EVP_DigestInit(&md, EVP_sha1()); - EVP_DigestUpdate(&md, pk->data, pk->length); - EVP_DigestFinal(&md, pkey_dig, &diglen); - - if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { - X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); - goto err; - } - - return oct; - - err: - M_ASN1_OCTET_STRING_free(oct); - return NULL; -} diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c deleted file mode 100644 index 20ba8ac8d6..0000000000 --- a/src/lib/libcrypto/x509v3/v3_sxnet.c +++ /dev/null @@ -1,340 +0,0 @@ -/* v3_sxnet.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include -#include -#include -#include - -/* Support for Thawte strong extranet extension */ - -#define SXNET_TEST - -static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent); -#ifdef SXNET_TEST -static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); -#endif -X509V3_EXT_METHOD v3_sxnet = { -NID_sxnet, X509V3_EXT_MULTILINE, -(X509V3_EXT_NEW)SXNET_new, -(X509V3_EXT_FREE)SXNET_free, -(X509V3_EXT_D2I)d2i_SXNET, -(X509V3_EXT_I2D)i2d_SXNET, -NULL, NULL, -NULL, -#ifdef SXNET_TEST -(X509V3_EXT_V2I)sxnet_v2i, -#else -NULL, -#endif -(X509V3_EXT_I2R)sxnet_i2r, -NULL, -NULL -}; - - -int i2d_SXNET(SXNET *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER); - M_ASN1_I2D_len_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER); - M_ASN1_I2D_put_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID); - - M_ASN1_I2D_finish(); -} - -SXNET *SXNET_new(void) -{ - SXNET *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, SXNET); - M_ASN1_New(ret->version,M_ASN1_INTEGER_new); - M_ASN1_New(ret->ids,sk_SXNETID_new_null); - return (ret); - M_ASN1_New_Error(ASN1_F_SXNET_NEW); -} - -SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a,SXNET *,SXNET_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER); - M_ASN1_D2I_get_seq_type (SXNETID, ret->ids, d2i_SXNETID, SXNETID_free); - M_ASN1_D2I_Finish(a, SXNET_free, ASN1_F_D2I_SXNET); -} - -void SXNET_free(SXNET *a) -{ - if (a == NULL) return; - M_ASN1_INTEGER_free(a->version); - sk_SXNETID_pop_free(a->ids, SXNETID_free); - Free (a); -} - -int i2d_SXNETID(SXNETID *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len (a->zone, i2d_ASN1_INTEGER); - M_ASN1_I2D_len (a->user, i2d_ASN1_OCTET_STRING); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put (a->zone, i2d_ASN1_INTEGER); - M_ASN1_I2D_put (a->user, i2d_ASN1_OCTET_STRING); - - M_ASN1_I2D_finish(); -} - -SXNETID *SXNETID_new(void) -{ - SXNETID *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, SXNETID); - ret->zone = NULL; - M_ASN1_New(ret->user,M_ASN1_OCTET_STRING_new); - return (ret); - M_ASN1_New_Error(ASN1_F_SXNETID_NEW); -} - -SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a,SXNETID *,SXNETID_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->zone, d2i_ASN1_INTEGER); - M_ASN1_D2I_get(ret->user, d2i_ASN1_OCTET_STRING); - M_ASN1_D2I_Finish(a, SXNETID_free, ASN1_F_D2I_SXNETID); -} - -void SXNETID_free(SXNETID *a) -{ - if (a == NULL) return; - M_ASN1_INTEGER_free(a->zone); - M_ASN1_OCTET_STRING_free(a->user); - Free (a); -} - -static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, - int indent) -{ - long v; - char *tmp; - SXNETID *id; - int i; - v = ASN1_INTEGER_get(sx->version); - BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v); - for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { - id = sk_SXNETID_value(sx->ids, i); - tmp = i2s_ASN1_INTEGER(NULL, id->zone); - BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); - Free(tmp); - M_ASN1_OCTET_STRING_print(out, id->user); - } - return 1; -} - -#ifdef SXNET_TEST - -/* NBB: this is used for testing only. It should *not* be used for anything - * else because it will just take static IDs from the configuration file and - * they should really be separate values for each user. - */ - - -static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) -{ - CONF_VALUE *cnf; - SXNET *sx = NULL; - int i; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); - if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) - return NULL; - } - return sx; -} - - -#endif - -/* Strong Extranet utility functions */ - -/* Add an id given the zone as an ASCII number */ - -int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, - int userlen) -{ - ASN1_INTEGER *izone = NULL; - if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { - X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE); - return 0; - } - return SXNET_add_id_INTEGER(psx, izone, user, userlen); -} - -/* Add an id given the zone as an unsigned long */ - -int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, - int userlen) -{ - ASN1_INTEGER *izone = NULL; - if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { - X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free(izone); - return 0; - } - return SXNET_add_id_INTEGER(psx, izone, user, userlen); - -} - -/* Add an id given the zone as an ASN1_INTEGER. - * Note this version uses the passed integer and doesn't make a copy so don't - * free it up afterwards. - */ - -int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, - int userlen) -{ - SXNET *sx = NULL; - SXNETID *id = NULL; - if(!psx || !zone || !user) { - X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT); - return 0; - } - if(userlen == -1) userlen = strlen(user); - if(userlen > 64) { - X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG); - return 0; - } - if(!*psx) { - if(!(sx = SXNET_new())) goto err; - if(!ASN1_INTEGER_set(sx->version, 0)) goto err; - *psx = sx; - } else sx = *psx; - if(SXNET_get_id_INTEGER(sx, zone)) { - X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID); - return 0; - } - - if(!(id = SXNETID_new())) goto err; - if(userlen == -1) userlen = strlen(user); - - if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; - if(!sk_SXNETID_push(sx->ids, id)) goto err; - id->zone = zone; - return 1; - - err: - X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE); - SXNETID_free(id); - SXNET_free(sx); - *psx = NULL; - return 0; -} - -ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) -{ - ASN1_INTEGER *izone = NULL; - ASN1_OCTET_STRING *oct; - if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { - X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); - return NULL; - } - oct = SXNET_get_id_INTEGER(sx, izone); - M_ASN1_INTEGER_free(izone); - return oct; -} - -ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) -{ - ASN1_INTEGER *izone = NULL; - ASN1_OCTET_STRING *oct; - if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { - X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free(izone); - return NULL; - } - oct = SXNET_get_id_INTEGER(sx, izone); - M_ASN1_INTEGER_free(izone); - return oct; -} - -ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) -{ - SXNETID *id; - int i; - for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { - id = sk_SXNETID_value(sx->ids, i); - if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user; - } - return NULL; -} - -IMPLEMENT_STACK_OF(SXNETID) -IMPLEMENT_ASN1_SET_OF(SXNETID) diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c deleted file mode 100644 index 4c2c4a9483..0000000000 --- a/src/lib/libcrypto/x509v3/v3_utl.c +++ /dev/null @@ -1,418 +0,0 @@ -/* v3_utl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* X509 v3 extension utilities */ - - -#include -#include -#include "cryptlib.h" -#include -#include - -static char *strip_spaces(char *name); - -/* Add a CONF_VALUE name value pair to stack */ - -int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist) -{ - CONF_VALUE *vtmp = NULL; - char *tname = NULL, *tvalue = NULL; - if(name && !(tname = BUF_strdup(name))) goto err; - if(value && !(tvalue = BUF_strdup(value))) goto err;; - if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err; - if(!*extlist && !(*extlist = sk_CONF_VALUE_new(NULL))) goto err; - vtmp->section = NULL; - vtmp->name = tname; - vtmp->value = tvalue; - if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err; - return 1; - err: - X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE); - if(vtmp) Free(vtmp); - if(tname) Free(tname); - if(tvalue) Free(tvalue); - return 0; -} - -int X509V3_add_value_uchar(const char *name, const unsigned char *value, - STACK_OF(CONF_VALUE) **extlist) - { - return X509V3_add_value(name,(const char *)value,extlist); - } - -/* Free function for STACK_OF(CONF_VALUE) */ - -void X509V3_conf_free(CONF_VALUE *conf) -{ - if(!conf) return; - if(conf->name) Free(conf->name); - if(conf->value) Free(conf->value); - if(conf->section) Free(conf->section); - Free(conf); -} - -int X509V3_add_value_bool(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist) -{ - if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); - return X509V3_add_value(name, "FALSE", extlist); -} - -int X509V3_add_value_bool_nf(char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist) -{ - if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); - return 1; -} - - -char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) -{ - BIGNUM *bntmp = NULL; - char *strtmp = NULL; - if(!a) return NULL; - if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || - !(strtmp = BN_bn2dec(bntmp)) ) - X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); - BN_free(bntmp); - return strtmp; -} - -char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) -{ - BIGNUM *bntmp = NULL; - char *strtmp = NULL; - if(!a) return NULL; - if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || - !(strtmp = BN_bn2dec(bntmp)) ) - X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); - BN_free(bntmp); - return strtmp; -} - -ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) -{ - BIGNUM *bn = NULL; - ASN1_INTEGER *aint; - bn = BN_new(); - if(!value) { - X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); - return 0; - } - if(!BN_dec2bn(&bn, value)) { - X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); - return 0; - } - - if(!(aint = BN_to_ASN1_INTEGER(bn, NULL))) { - X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR); - return 0; - } - BN_free(bn); - return aint; -} - -int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist) -{ - char *strtmp; - int ret; - if(!aint) return 1; - if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0; - ret = X509V3_add_value(name, strtmp, extlist); - Free(strtmp); - return ret; -} - -int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) -{ - char *btmp; - if(!(btmp = value->value)) goto err; - if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") - || !strcmp(btmp, "Y") || !strcmp(btmp, "y") - || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { - *asn1_bool = 0xff; - return 1; - } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") - || !strcmp(btmp, "N") || !strcmp(btmp, "n") - || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { - *asn1_bool = 0; - return 1; - } - err: - X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING); - X509V3_conf_err(value); - return 0; -} - -int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) -{ - ASN1_INTEGER *itmp; - if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { - X509V3_conf_err(value); - return 0; - } - *aint = itmp; - return 1; -} - -#define HDR_NAME 1 -#define HDR_VALUE 2 - -/*#define DEBUG*/ - -STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line) -{ - char *p, *q, c; - char *ntmp, *vtmp; - STACK_OF(CONF_VALUE) *values = NULL; - char *linebuf; - int state; - /* We are going to modify the line so copy it first */ - linebuf = BUF_strdup(line); - state = HDR_NAME; - ntmp = NULL; - /* Go through all characters */ - for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { - - switch(state) { - case HDR_NAME: - if(c == ':') { - state = HDR_VALUE; - *p = 0; - ntmp = strip_spaces(q); - if(!ntmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); - goto err; - } - q = p + 1; - } else if(c == ',') { - *p = 0; - ntmp = strip_spaces(q); - q = p + 1; -#ifdef DEBUG - printf("%s\n", ntmp); -#endif - if(!ntmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); - goto err; - } - X509V3_add_value(ntmp, NULL, &values); - } - break ; - - case HDR_VALUE: - if(c == ',') { - state = HDR_NAME; - *p = 0; - vtmp = strip_spaces(q); -#ifdef DEBUG - printf("%s\n", ntmp); -#endif - if(!vtmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); - goto err; - } - X509V3_add_value(ntmp, vtmp, &values); - ntmp = NULL; - q = p + 1; - } - - } - } - - if(state == HDR_VALUE) { - vtmp = strip_spaces(q); -#ifdef DEBUG - printf("%s=%s\n", ntmp, vtmp); -#endif - if(!vtmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); - goto err; - } - X509V3_add_value(ntmp, vtmp, &values); - } else { - ntmp = strip_spaces(q); -#ifdef DEBUG - printf("%s\n", ntmp); -#endif - if(!ntmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); - goto err; - } - X509V3_add_value(ntmp, NULL, &values); - } -Free(linebuf); -return values; - -err: -Free(linebuf); -sk_CONF_VALUE_pop_free(values, X509V3_conf_free); -return NULL; - -} - -/* Delete leading and trailing spaces from a string */ -static char *strip_spaces(char *name) -{ - char *p, *q; - /* Skip over leading spaces */ - p = name; - while(*p && isspace((unsigned char)*p)) p++; - if(!*p) return NULL; - q = p + strlen(p) - 1; - while((q != p) && isspace((unsigned char)*q)) q--; - if(p != q) q[1] = 0; - if(!*p) return NULL; - return p; -} - -/* hex string utilities */ - -/* Given a buffer of length 'len' return a Malloc'ed string with its - * hex representation - */ - -char *hex_to_string(unsigned char *buffer, long len) -{ - char *tmp, *q; - unsigned char *p; - int i; - static char hexdig[] = "0123456789ABCDEF"; - if(!buffer || !len) return NULL; - if(!(tmp = Malloc(len * 3 + 1))) { - X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); - return NULL; - } - q = tmp; - for(i = 0, p = buffer; i < len; i++,p++) { - *q++ = hexdig[(*p >> 4) & 0xf]; - *q++ = hexdig[*p & 0xf]; - *q++ = ':'; - } - q[-1] = 0; - return tmp; -} - -/* Give a string of hex digits convert to - * a buffer - */ - -unsigned char *string_to_hex(char *str, long *len) -{ - unsigned char *hexbuf, *q; - unsigned char ch, cl, *p; - if(!str) { - X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT); - return NULL; - } - if(!(hexbuf = Malloc(strlen(str) >> 1))) goto err; - for(p = (unsigned char *)str, q = hexbuf; *p;) { - ch = *p++; - if(ch == ':') continue; - cl = *p++; - if(!cl) { - X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS); - Free(hexbuf); - return NULL; - } - if(isupper(ch)) ch = tolower(ch); - if(isupper(cl)) cl = tolower(cl); - - if((ch >= '0') && (ch <= '9')) ch -= '0'; - else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10; - else goto badhex; - - if((cl >= '0') && (cl <= '9')) cl -= '0'; - else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10; - else goto badhex; - - *q++ = (ch << 4) | cl; - } - - if(len) *len = q - hexbuf; - - return hexbuf; - - err: - if(hexbuf) Free(hexbuf); - X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE); - return NULL; - - badhex: - Free(hexbuf); - X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT); - return NULL; - -} - -/* V2I name comparison function: returns zero if 'name' matches - * cmp or cmp.* - */ - -int name_cmp(const char *name, const char *cmp) -{ - int len, ret; - char c; - len = strlen(cmp); - if((ret = strncmp(name, cmp, len))) return ret; - c = name[len]; - if(!c || (c=='.')) return 0; - return 1; -} diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c deleted file mode 100644 index aa4a605dc4..0000000000 --- a/src/lib/libcrypto/x509v3/v3err.c +++ /dev/null @@ -1,176 +0,0 @@ -/* crypto/x509v3/v3err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include - -/* BEGIN ERROR CODES */ -#ifndef NO_ERR -static ERR_STRING_DATA X509V3_str_functs[]= - { -{ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"}, -{ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"}, -{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"}, -{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"}, -{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, -{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"}, -{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, -{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"}, -{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"}, -{ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"}, -{ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"}, -{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0), "R2I_CERTPOL"}, -{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"}, -{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0), "s2i_ASN1_INTEGER"}, -{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"}, -{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"}, -{ERR_PACK(0,X509V3_F_S2I_S2I_SKEY_ID,0), "S2I_S2I_SKEY_ID"}, -{ERR_PACK(0,X509V3_F_STRING_TO_HEX,0), "string_to_hex"}, -{ERR_PACK(0,X509V3_F_SXNET_ADD_ASC,0), "SXNET_ADD_ASC"}, -{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_INTEGER,0), "SXNET_add_id_INTEGER"}, -{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"}, -{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"}, -{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"}, -{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"}, -{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"}, -{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"}, -{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"}, -{ERR_PACK(0,X509V3_F_V2I_CRLD,0), "V2I_CRLD"}, -{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"}, -{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, -{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, -{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, -{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"}, -{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"}, -{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, -{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"}, -{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"}, -{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, -{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, -{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"}, -{0,NULL} - }; - -static ERR_STRING_DATA X509V3_str_reasons[]= - { -{X509V3_R_BAD_IP_ADDRESS ,"bad ip address"}, -{X509V3_R_BAD_OBJECT ,"bad object"}, -{X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"}, -{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"}, -{X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"}, -{X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"}, -{X509V3_R_ERROR_IN_EXTENSION ,"error in extension"}, -{X509V3_R_EXPECTED_A_SECTION_NAME ,"expected a section name"}, -{X509V3_R_EXTENSION_NAME_ERROR ,"extension name error"}, -{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"}, -{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"}, -{X509V3_R_EXTENSION_VALUE_ERROR ,"extension value error"}, -{X509V3_R_ILLEGAL_HEX_DIGIT ,"illegal hex digit"}, -{X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"}, -{X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"}, -{X509V3_R_INVALID_NAME ,"invalid name"}, -{X509V3_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, -{X509V3_R_INVALID_NULL_NAME ,"invalid null name"}, -{X509V3_R_INVALID_NULL_VALUE ,"invalid null value"}, -{X509V3_R_INVALID_NUMBER ,"invalid number"}, -{X509V3_R_INVALID_NUMBERS ,"invalid numbers"}, -{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"}, -{X509V3_R_INVALID_OPTION ,"invalid option"}, -{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"}, -{X509V3_R_INVALID_SECTION ,"invalid section"}, -{X509V3_R_INVALID_SYNTAX ,"invalid syntax"}, -{X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"}, -{X509V3_R_MISSING_VALUE ,"missing value"}, -{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"}, -{X509V3_R_NO_CONFIG_DATABASE ,"no config database"}, -{X509V3_R_NO_ISSUER_CERTIFICATE ,"no issuer certificate"}, -{X509V3_R_NO_ISSUER_DETAILS ,"no issuer details"}, -{X509V3_R_NO_POLICY_IDENTIFIER ,"no policy identifier"}, -{X509V3_R_NO_PUBLIC_KEY ,"no public key"}, -{X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"}, -{X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"}, -{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"}, -{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"}, -{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"}, -{X509V3_R_UNKNOWN_EXTENSION ,"unknown extension"}, -{X509V3_R_UNKNOWN_EXTENSION_NAME ,"unknown extension name"}, -{X509V3_R_UNKNOWN_OPTION ,"unknown option"}, -{X509V3_R_UNSUPPORTED_OPTION ,"unsupported option"}, -{X509V3_R_USER_TOO_LONG ,"user too long"}, -{0,NULL} - }; - -#endif - -void ERR_load_X509V3_strings(void) - { - static int init=1; - - if (init) - { - init=0; -#ifndef NO_ERR - ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs); - ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons); -#endif - - } - } diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h deleted file mode 100644 index 96ceb7c4fb..0000000000 --- a/src/lib/libcrypto/x509v3/x509v3.h +++ /dev/null @@ -1,644 +0,0 @@ -/* x509v3.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -#ifndef HEADER_X509V3_H -#define HEADER_X509V3_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include -#include - -/* Forward reference */ -struct v3_ext_method; -struct v3_ext_ctx; - -/* Useful typedefs */ - -typedef void * (*X509V3_EXT_NEW)(void); -typedef void (*X509V3_EXT_FREE)(void *); -typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long); -typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); -typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist); -typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values); -typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); -typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); -typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent); -typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); - -/* V3 extension structure */ - -struct v3_ext_method { -int ext_nid; -int ext_flags; -X509V3_EXT_NEW ext_new; -X509V3_EXT_FREE ext_free; -X509V3_EXT_D2I d2i; -X509V3_EXT_I2D i2d; - -/* The following pair is used for string extensions */ -X509V3_EXT_I2S i2s; -X509V3_EXT_S2I s2i; - -/* The following pair is used for multi-valued extensions */ -X509V3_EXT_I2V i2v; -X509V3_EXT_V2I v2i; - -/* The following are used for raw extensions */ -X509V3_EXT_I2R i2r; -X509V3_EXT_R2I r2i; - -void *usr_data; /* Any extension specific data */ -}; - -typedef struct X509V3_CONF_METHOD_st { -char * (*get_string)(void *db, char *section, char *value); -STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section); -void (*free_string)(void *db, char * string); -void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); -} X509V3_CONF_METHOD; - -/* Context specific info */ -struct v3_ext_ctx { -#define CTX_TEST 0x1 -int flags; -X509 *issuer_cert; -X509 *subject_cert; -X509_REQ *subject_req; -X509_CRL *crl; -X509V3_CONF_METHOD *db_meth; -void *db; -/* Maybe more here */ -}; - -typedef struct v3_ext_method X509V3_EXT_METHOD; -typedef struct v3_ext_ctx X509V3_CTX; - -/* ext_flags values */ -#define X509V3_EXT_DYNAMIC 0x1 -#define X509V3_EXT_CTX_DEP 0x2 -#define X509V3_EXT_MULTILINE 0x4 - -typedef BIT_STRING_BITNAME ENUMERATED_NAMES; - -typedef struct BASIC_CONSTRAINTS_st { -int ca; -ASN1_INTEGER *pathlen; -} BASIC_CONSTRAINTS; - - -typedef struct PKEY_USAGE_PERIOD_st { -ASN1_GENERALIZEDTIME *notBefore; -ASN1_GENERALIZEDTIME *notAfter; -} PKEY_USAGE_PERIOD; - -typedef struct otherName_st { -ASN1_OBJECT *type_id; -ASN1_TYPE *value; -} OTHERNAME; - -typedef struct GENERAL_NAME_st { - -#define GEN_OTHERNAME (0|V_ASN1_CONTEXT_SPECIFIC) -#define GEN_EMAIL (1|V_ASN1_CONTEXT_SPECIFIC) -#define GEN_DNS (2|V_ASN1_CONTEXT_SPECIFIC) -#define GEN_X400 (3|V_ASN1_CONTEXT_SPECIFIC) -#define GEN_DIRNAME (4|V_ASN1_CONTEXT_SPECIFIC) -#define GEN_EDIPARTY (5|V_ASN1_CONTEXT_SPECIFIC) -#define GEN_URI (6|V_ASN1_CONTEXT_SPECIFIC) -#define GEN_IPADD (7|V_ASN1_CONTEXT_SPECIFIC) -#define GEN_RID (8|V_ASN1_CONTEXT_SPECIFIC) - -int type; -union { - char *ptr; - ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */ - ASN1_OCTET_STRING *ip; /* iPAddress */ - X509_NAME *dirn; /* dirn */ - ASN1_OBJECT *rid; /* registeredID */ - OTHERNAME *otherName; /* otherName */ - ASN1_TYPE *other; /* ediPartyName, x400Address */ -} d; -} GENERAL_NAME; - -typedef struct ACCESS_DESCRIPTION_st { - ASN1_OBJECT *method; - GENERAL_NAME *location; -} ACCESS_DESCRIPTION; - -DECLARE_STACK_OF(GENERAL_NAME) -DECLARE_ASN1_SET_OF(GENERAL_NAME) - -DECLARE_STACK_OF(ACCESS_DESCRIPTION) -DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) - -typedef struct DIST_POINT_NAME_st { -/* NB: this is a CHOICE type and only one of these should be set */ -STACK_OF(GENERAL_NAME) *fullname; -STACK_OF(X509_NAME_ENTRY) *relativename; -} DIST_POINT_NAME; - -typedef struct DIST_POINT_st { -DIST_POINT_NAME *distpoint; -ASN1_BIT_STRING *reasons; -STACK_OF(GENERAL_NAME) *CRLissuer; -} DIST_POINT; - -DECLARE_STACK_OF(DIST_POINT) -DECLARE_ASN1_SET_OF(DIST_POINT) - -typedef struct AUTHORITY_KEYID_st { -ASN1_OCTET_STRING *keyid; -STACK_OF(GENERAL_NAME) *issuer; -ASN1_INTEGER *serial; -} AUTHORITY_KEYID; - -/* Strong extranet structures */ - -typedef struct SXNET_ID_st { - ASN1_INTEGER *zone; - ASN1_OCTET_STRING *user; -} SXNETID; - -DECLARE_STACK_OF(SXNETID) -DECLARE_ASN1_SET_OF(SXNETID) - -typedef struct SXNET_st { - ASN1_INTEGER *version; - STACK_OF(SXNETID) *ids; -} SXNET; - -typedef struct NOTICEREF_st { - ASN1_STRING *organization; - STACK *noticenos; -} NOTICEREF; - -typedef struct USERNOTICE_st { - NOTICEREF *noticeref; - ASN1_STRING *exptext; -} USERNOTICE; - -typedef struct POLICYQUALINFO_st { - ASN1_OBJECT *pqualid; - union { - ASN1_IA5STRING *cpsuri; - USERNOTICE *usernotice; - ASN1_TYPE *other; - } d; -} POLICYQUALINFO; - -DECLARE_STACK_OF(POLICYQUALINFO) -DECLARE_ASN1_SET_OF(POLICYQUALINFO) - -typedef struct POLICYINFO_st { - ASN1_OBJECT *policyid; - STACK_OF(POLICYQUALINFO) *qualifiers; -} POLICYINFO; - -DECLARE_STACK_OF(POLICYINFO) -DECLARE_ASN1_SET_OF(POLICYINFO) - -#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ -",name:", val->name, ",value:", val->value); - -#define X509V3_set_ctx_test(ctx) \ - X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) -#define X509V3_set_ctx_nodb(ctx) ctx->db = NULL; - -#define EXT_BITSTRING(nid, table) { nid, 0, \ - (X509V3_EXT_NEW)ASN1_BIT_STRING_new, \ - (X509V3_EXT_FREE)ASN1_BIT_STRING_free, \ - (X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \ - (X509V3_EXT_I2D)i2d_ASN1_BIT_STRING, \ - NULL, NULL, \ - (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ - (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ - NULL, NULL, \ - (char *)table} - -#define EXT_IA5STRING(nid) { nid, 0, \ - (X509V3_EXT_NEW)ASN1_IA5STRING_new, \ - (X509V3_EXT_FREE)ASN1_IA5STRING_free, \ - (X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \ - (X509V3_EXT_I2D)i2d_ASN1_IA5STRING, \ - (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ - (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ - NULL, NULL, NULL, NULL, \ - NULL} - -#define EXT_END { -1, 0, NULL, NULL, NULL, NULL, NULL, NULL, \ - NULL, NULL, NULL, NULL, \ - NULL} - - -/* X509_PURPOSE stuff */ - -#define EXFLAG_BCONS 0x1 -#define EXFLAG_KUSAGE 0x2 -#define EXFLAG_XKUSAGE 0x4 -#define EXFLAG_NSCERT 0x8 - -#define EXFLAG_CA 0x10 -#define EXFLAG_SS 0x20 -#define EXFLAG_V1 0x40 -#define EXFLAG_INVALID 0x80 -#define EXFLAG_SET 0x100 - -#define KU_DIGITAL_SIGNATURE 0x0080 -#define KU_NON_REPUDIATION 0x0040 -#define KU_KEY_ENCIPHERMENT 0x0020 -#define KU_DATA_ENCIPHERMENT 0x0010 -#define KU_KEY_AGREEMENT 0x0008 -#define KU_KEY_CERT_SIGN 0x0004 -#define KU_CRL_SIGN 0x0002 -#define KU_ENCIPHER_ONLY 0x0001 -#define KU_DECIPHER_ONLY 0x8000 - -#define NS_SSL_CLIENT 0x80 -#define NS_SSL_SERVER 0x40 -#define NS_SMIME 0x20 -#define NS_OBJSIGN 0x10 -#define NS_SSL_CA 0x04 -#define NS_SMIME_CA 0x02 -#define NS_OBJSIGN_CA 0x01 - -#define XKU_SSL_SERVER 0x1 -#define XKU_SSL_CLIENT 0x2 -#define XKU_SMIME 0x4 -#define XKU_CODE_SIGN 0x8 -#define XKU_SGC 0x10 - -#define X509_PURPOSE_DYNAMIC 0x1 -#define X509_PURPOSE_DYNAMIC_NAME 0x2 - -typedef struct x509_purpose_st { - int purpose; - int trust; /* Default trust ID */ - int flags; - int (*check_purpose)(struct x509_purpose_st *, X509 *, int); - char *name; - char *sname; - void *usr_data; -} X509_PURPOSE; - -#define X509_PURPOSE_SSL_CLIENT 1 -#define X509_PURPOSE_SSL_SERVER 2 -#define X509_PURPOSE_NS_SSL_SERVER 3 -#define X509_PURPOSE_SMIME_SIGN 4 -#define X509_PURPOSE_SMIME_ENCRYPT 5 -#define X509_PURPOSE_CRL_SIGN 6 -#define X509_PURPOSE_ANY 7 - -#define X509_PURPOSE_MIN 1 -#define X509_PURPOSE_MAX 7 - -DECLARE_STACK_OF(X509_PURPOSE) - -void ERR_load_X509V3_strings(void); -int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp); -BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length); -BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void); -void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a); - -int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp); -GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp, long length); -GENERAL_NAME *GENERAL_NAME_new(void); -void GENERAL_NAME_free(GENERAL_NAME *a); -STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); - -int i2d_SXNET(SXNET *a, unsigned char **pp); -SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length); -SXNET *SXNET_new(void); -void SXNET_free(SXNET *a); - -int i2d_SXNETID(SXNETID *a, unsigned char **pp); -SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length); -SXNETID *SXNETID_new(void); -void SXNETID_free(SXNETID *a); - -int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); -int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); -int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); - -ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone); -ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); -ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); - -int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp); -AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp, long length); -AUTHORITY_KEYID *AUTHORITY_KEYID_new(void); -void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a); - -int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp); -PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, unsigned char **pp, long length); -PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void); -void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a); - -STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new(void); -void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a); -STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a, unsigned char **pp, long length); -int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp); -STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_NAME) *gen, STACK_OF(CONF_VALUE) *extlist); -STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); - -int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp); -OTHERNAME *OTHERNAME_new(void); -OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length); -void OTHERNAME_free(OTHERNAME *a); - -char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); -ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); - -int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp); -STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a, - unsigned char **pp, long length); -void ext_ku_free(STACK_OF(ASN1_OBJECT) *a); -STACK_OF(ASN1_OBJECT) *ext_ku_new(void); - -int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp); -STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void); -void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a); -STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a, unsigned char **pp, long length); - -int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp); -POLICYINFO *POLICYINFO_new(void); -POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp, long length); -void POLICYINFO_free(POLICYINFO *a); - -int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp); -POLICYQUALINFO *POLICYQUALINFO_new(void); -POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp, - long length); -void POLICYQUALINFO_free(POLICYQUALINFO *a); - -int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp); -USERNOTICE *USERNOTICE_new(void); -USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp, long length); -void USERNOTICE_free(USERNOTICE *a); - -int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp); -NOTICEREF *NOTICEREF_new(void); -NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp, long length); -void NOTICEREF_free(NOTICEREF *a); - -int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp); -STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void); -void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a); -STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a, - unsigned char **pp,long length); - -int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp); -DIST_POINT *DIST_POINT_new(void); -DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length); -void DIST_POINT_free(DIST_POINT *a); - -int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp); -DIST_POINT_NAME *DIST_POINT_NAME_new(void); -void DIST_POINT_NAME_free(DIST_POINT_NAME *a); -DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp, - long length); - -int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp); -ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void); -void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a); -ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp, - long length); - -STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void); -void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a); -STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a, - unsigned char **pp, long length); -int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp); - - - -#ifdef HEADER_CONF_H -GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); -void X509V3_conf_free(CONF_VALUE *val); -X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); -X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); -int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); -int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); -int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); -int X509V3_add_value_bool_nf(char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); -int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); -int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); -void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); -#endif - -char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); -STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); -void X509V3_string_free(X509V3_CTX *ctx, char *str); -void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); -void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, - X509_REQ *req, X509_CRL *crl, int flags); - -int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist); -int X509V3_add_value_uchar(const char *name, const unsigned char *value, - STACK_OF(CONF_VALUE) **extlist); -int X509V3_add_value_bool(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); -int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist); -char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); -ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); -char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); -char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); -int X509V3_EXT_add(X509V3_EXT_METHOD *ext); -int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); -int X509V3_EXT_add_alias(int nid_to, int nid_from); -void X509V3_EXT_cleanup(void); - -X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); -X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); -int X509V3_add_standard_extensions(void); -STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line); -void *X509V3_EXT_d2i(X509_EXTENSION *ext); -void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); - -X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); - -char *hex_to_string(unsigned char *buffer, long len); -unsigned char *string_to_hex(char *str, long *len); -int name_cmp(const char *name, const char *cmp); - -void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, - int ml); -int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent); -int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); - -int X509_check_purpose(X509 *x, int id, int ca); -int X509_PURPOSE_get_count(void); -X509_PURPOSE * X509_PURPOSE_get0(int idx); -int X509_PURPOSE_get_by_sname(char *sname); -int X509_PURPOSE_get_by_id(int id); -int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck)(X509_PURPOSE *, X509 *, int), - char *name, char *sname, void *arg); -char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); -char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); -int X509_PURPOSE_get_trust(X509_PURPOSE *xp); -void X509_PURPOSE_cleanup(void); -int X509_PURPOSE_get_id(X509_PURPOSE *); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the X509V3 functions. */ - -/* Function codes. */ -#define X509V3_F_COPY_EMAIL 122 -#define X509V3_F_COPY_ISSUER 123 -#define X509V3_F_DO_EXT_CONF 124 -#define X509V3_F_DO_EXT_I2D 135 -#define X509V3_F_HEX_TO_STRING 111 -#define X509V3_F_I2S_ASN1_ENUMERATED 121 -#define X509V3_F_I2S_ASN1_INTEGER 120 -#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 -#define X509V3_F_NOTICE_SECTION 132 -#define X509V3_F_NREF_NOS 133 -#define X509V3_F_POLICY_SECTION 131 -#define X509V3_F_R2I_CERTPOL 130 -#define X509V3_F_S2I_ASN1_IA5STRING 100 -#define X509V3_F_S2I_ASN1_INTEGER 108 -#define X509V3_F_S2I_ASN1_OCTET_STRING 112 -#define X509V3_F_S2I_ASN1_SKEY_ID 114 -#define X509V3_F_S2I_S2I_SKEY_ID 115 -#define X509V3_F_STRING_TO_HEX 113 -#define X509V3_F_SXNET_ADD_ASC 125 -#define X509V3_F_SXNET_ADD_ID_INTEGER 126 -#define X509V3_F_SXNET_ADD_ID_ULONG 127 -#define X509V3_F_SXNET_GET_ID_ASC 128 -#define X509V3_F_SXNET_GET_ID_ULONG 129 -#define X509V3_F_V2I_ACCESS_DESCRIPTION 139 -#define X509V3_F_V2I_ASN1_BIT_STRING 101 -#define X509V3_F_V2I_AUTHORITY_KEYID 119 -#define X509V3_F_V2I_BASIC_CONSTRAINTS 102 -#define X509V3_F_V2I_CRLD 134 -#define X509V3_F_V2I_EXT_KU 103 -#define X509V3_F_V2I_GENERAL_NAME 117 -#define X509V3_F_V2I_GENERAL_NAMES 118 -#define X509V3_F_V3_GENERIC_EXTENSION 116 -#define X509V3_F_X509V3_ADD_VALUE 105 -#define X509V3_F_X509V3_EXT_ADD 104 -#define X509V3_F_X509V3_EXT_ADD_ALIAS 106 -#define X509V3_F_X509V3_EXT_CONF 107 -#define X509V3_F_X509V3_EXT_I2D 136 -#define X509V3_F_X509V3_GET_VALUE_BOOL 110 -#define X509V3_F_X509V3_PARSE_LIST 109 -#define X509V3_F_X509_PURPOSE_ADD 137 - -/* Reason codes. */ -#define X509V3_R_BAD_IP_ADDRESS 118 -#define X509V3_R_BAD_OBJECT 119 -#define X509V3_R_BN_DEC2BN_ERROR 100 -#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 -#define X509V3_R_DUPLICATE_ZONE_ID 133 -#define X509V3_R_ERROR_CONVERTING_ZONE 131 -#define X509V3_R_ERROR_IN_EXTENSION 128 -#define X509V3_R_EXPECTED_A_SECTION_NAME 137 -#define X509V3_R_EXTENSION_NAME_ERROR 115 -#define X509V3_R_EXTENSION_NOT_FOUND 102 -#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 -#define X509V3_R_EXTENSION_VALUE_ERROR 116 -#define X509V3_R_ILLEGAL_HEX_DIGIT 113 -#define X509V3_R_INVALID_BOOLEAN_STRING 104 -#define X509V3_R_INVALID_EXTENSION_STRING 105 -#define X509V3_R_INVALID_NAME 106 -#define X509V3_R_INVALID_NULL_ARGUMENT 107 -#define X509V3_R_INVALID_NULL_NAME 108 -#define X509V3_R_INVALID_NULL_VALUE 109 -#define X509V3_R_INVALID_NUMBER 140 -#define X509V3_R_INVALID_NUMBERS 141 -#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 -#define X509V3_R_INVALID_OPTION 138 -#define X509V3_R_INVALID_POLICY_IDENTIFIER 134 -#define X509V3_R_INVALID_SECTION 135 -#define X509V3_R_INVALID_SYNTAX 143 -#define X509V3_R_ISSUER_DECODE_ERROR 126 -#define X509V3_R_MISSING_VALUE 124 -#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 -#define X509V3_R_NO_CONFIG_DATABASE 136 -#define X509V3_R_NO_ISSUER_CERTIFICATE 121 -#define X509V3_R_NO_ISSUER_DETAILS 127 -#define X509V3_R_NO_POLICY_IDENTIFIER 139 -#define X509V3_R_NO_PUBLIC_KEY 114 -#define X509V3_R_NO_SUBJECT_DETAILS 125 -#define X509V3_R_ODD_NUMBER_OF_DIGITS 112 -#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 -#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 -#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 -#define X509V3_R_UNKNOWN_EXTENSION 129 -#define X509V3_R_UNKNOWN_EXTENSION_NAME 130 -#define X509V3_R_UNKNOWN_OPTION 120 -#define X509V3_R_UNSUPPORTED_OPTION 117 -#define X509V3_R_USER_TOO_LONG 132 - -#ifdef __cplusplus -} -#endif -#endif - -- cgit v1.2.3-55-g6feb