diff options
Diffstat (limited to 'crypto/openssl/crypto/x509v3')
25 files changed, 1763 insertions, 147 deletions
diff --git a/crypto/openssl/crypto/x509v3/Makefile.save b/crypto/openssl/crypto/x509v3/Makefile.save new file mode 100644 index 0000000..8cf90be --- /dev/null +++ b/crypto/openssl/crypto/x509v3/Makefile.save @@ -0,0 +1,469 @@ +# +# SSLeay/crypto/x509v3/Makefile +# + +DIR= x509v3 +TOP= ../.. +CC= cc +INCLUDES= -I.. -I../../include +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= $(TOP)/util/domd $(TOP) +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile README +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \ +v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \ +v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c +LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ +v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ +v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o + +SRC= $(LIBSRC) + +EXHEADER= x509v3.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h +v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +v3_akey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_akey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +v3_akey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +v3_akey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +v3_akey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h +v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_akey.o: ../cryptlib.h +v3_alt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_alt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_alt.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_alt.o: ../../include/openssl/des.h ../../include/openssl/dh.h +v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +v3_alt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h +v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +v3_bcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_bcons.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +v3_bcons.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +v3_bcons.o: ../../include/openssl/opensslconf.h +v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_bcons.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_bcons.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_bcons.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h +v3_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_conf.o: ../../include/openssl/des.h ../../include/openssl/dh.h +v3_conf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_conf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_conf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_conf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h +v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +v3_cpols.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_cpols.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +v3_cpols.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +v3_cpols.o: ../../include/openssl/opensslconf.h +v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_cpols.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_cpols.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_cpols.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h +v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +v3_crld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_crld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +v3_crld.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +v3_crld.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +v3_crld.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/x509.h +v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_crld.o: ../cryptlib.h +v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_enum.o: ../../include/openssl/des.h ../../include/openssl/dh.h +v3_enum.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_enum.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_enum.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_enum.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_enum.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_extku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_extku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_extku.o: ../../include/openssl/des.h ../../include/openssl/dh.h +v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +v3_extku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_extku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_extku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_extku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h +v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +v3_genn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_genn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +v3_genn.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +v3_genn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +v3_genn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/x509.h +v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_genn.o: ../cryptlib.h +v3_ia5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_ia5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_ia5.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_ia5.o: ../../include/openssl/des.h ../../include/openssl/dh.h +v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +v3_ia5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h +v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_info.o: ../../include/openssl/stack.h ../../include/openssl/x509.h +v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_info.o: ../cryptlib.h +v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_int.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_int.o: ../../include/openssl/des.h ../../include/openssl/dh.h +v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +v3_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_int.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h +v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +v3_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h +v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_pku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h +v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_pku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +v3_pku.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_pku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +v3_pku.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/x509.h +v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_pku.o: ../cryptlib.h +v3_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_prn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_prn.o: ../../include/openssl/des.h ../../include/openssl/dh.h +v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +v3_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_purp.o: ../../include/openssl/des.h ../../include/openssl/dh.h +v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_purp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_purp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_purp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_purp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_skey.o: ../../include/openssl/des.h ../../include/openssl/dh.h +v3_skey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_skey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_skey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_skey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_skey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h +v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +v3_sxnet.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_sxnet.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +v3_sxnet.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +v3_sxnet.o: ../../include/openssl/opensslconf.h +v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_sxnet.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_sxnet.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_sxnet.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_utl.o: ../../include/openssl/des.h ../../include/openssl/dh.h +v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_utl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h +v3err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +v3err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3err.o: ../../include/openssl/x509v3.h diff --git a/crypto/openssl/crypto/x509v3/Makefile.ssl b/crypto/openssl/crypto/x509v3/Makefile.ssl index 57006e6..8cf90be 100644 --- a/crypto/openssl/crypto/x509v3/Makefile.ssl +++ b/crypto/openssl/crypto/x509v3/Makefile.ssl @@ -24,10 +24,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \ v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \ -v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c +v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ -v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o +v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o SRC= $(LIBSRC) @@ -285,6 +285,25 @@ v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h +v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_info.o: ../../include/openssl/stack.h ../../include/openssl/x509.h +v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_info.o: ../cryptlib.h v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h @@ -320,7 +339,7 @@ v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -358,6 +377,24 @@ v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_purp.o: ../../include/openssl/des.h ../../include/openssl/dh.h +v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_purp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +v3_purp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +v3_purp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +v3_purp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h diff --git a/crypto/openssl/crypto/x509v3/ext_dat.h b/crypto/openssl/crypto/x509v3/ext_dat.h new file mode 100644 index 0000000..801a585 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/ext_dat.h @@ -0,0 +1,97 @@ +/* ext_dat.h */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* This file contains a table of "standard" extensions */ + +extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; +extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info; +extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; +extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld; + +/* This table will be searched using OBJ_bsearch so it *must* kept in + * order of the ext_nid values. + */ + +static X509V3_EXT_METHOD *standard_exts[] = { +&v3_nscert, +&v3_ns_ia5_list[0], +&v3_ns_ia5_list[1], +&v3_ns_ia5_list[2], +&v3_ns_ia5_list[3], +&v3_ns_ia5_list[4], +&v3_ns_ia5_list[5], +&v3_ns_ia5_list[6], +&v3_skey_id, +&v3_key_usage, +&v3_pkey_usage_period, +&v3_alt[0], +&v3_alt[1], +&v3_bcons, +&v3_crl_num, +&v3_cpols, +&v3_akey_id, +&v3_crld, +&v3_ext_ku, +&v3_crl_reason, +&v3_sxnet, +&v3_info, +}; + +/* Number of standard extensions */ + +#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) + diff --git a/crypto/openssl/crypto/x509v3/tabtest.c b/crypto/openssl/crypto/x509v3/tabtest.c new file mode 100644 index 0000000..dad0d38 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/tabtest.c @@ -0,0 +1,88 @@ +/* tabtest.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Simple program to check the ext_dat.h is correct and print out + * problems if it is not. + */ + +#include <stdio.h> + +#include <openssl/x509v3.h> + +#include "ext_dat.h" + +main() +{ + int i, prev = -1, bad = 0; + X509V3_EXT_METHOD **tmp; + i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *); + if(i != STANDARD_EXTENSION_COUNT) + fprintf(stderr, "Extension number invalid expecting %d\n", i); + tmp = standard_exts; + for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) { + if((*tmp)->ext_nid < prev) bad = 1; + prev = (*tmp)->ext_nid; + + } + if(bad) { + tmp = standard_exts; + fprintf(stderr, "Extensions out of order!\n"); + for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) + printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid)); + } else fprintf(stderr, "Order OK\n"); +} diff --git a/crypto/openssl/crypto/x509v3/v3_akey.c b/crypto/openssl/crypto/x509v3/v3_akey.c index 4099e60..96c04fe 100644 --- a/crypto/openssl/crypto/x509v3/v3_akey.c +++ b/crypto/openssl/crypto/x509v3/v3_akey.c @@ -129,10 +129,10 @@ AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp, void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a) { if (a == NULL) return; - ASN1_OCTET_STRING_free(a->keyid); + M_ASN1_OCTET_STRING_free(a->keyid); sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free); - ASN1_INTEGER_free (a->serial); - Free ((char *)a); + M_ASN1_INTEGER_free (a->serial); + Free (a); } static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, @@ -214,7 +214,7 @@ if(keyid) { if((issuer && !ikeyid) || (issuer == 2)) { isname = X509_NAME_dup(X509_get_issuer_name(cert)); - serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert)); + serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); if(!isname || !serial) { X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); goto err; @@ -241,8 +241,8 @@ return akeyid; err: X509_NAME_free(isname); -ASN1_INTEGER_free(serial); -ASN1_OCTET_STRING_free(ikeyid); +M_ASN1_INTEGER_free(serial); +M_ASN1_OCTET_STRING_free(ikeyid); return NULL; } diff --git a/crypto/openssl/crypto/x509v3/v3_alt.c b/crypto/openssl/crypto/x509v3/v3_alt.c index b5e1f8a..5ccd1e0 100644 --- a/crypto/openssl/crypto/x509v3/v3_alt.c +++ b/crypto/openssl/crypto/x509v3/v3_alt.c @@ -84,7 +84,6 @@ NULL, NULL, (X509V3_EXT_I2V)i2v_GENERAL_NAMES, (X509V3_EXT_V2I)v2i_issuer_alt, NULL, NULL, NULL}, -EXT_END }; STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, @@ -273,7 +272,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) while((i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i)) > 0) { ne = X509_NAME_get_entry(nm, i); - email = ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); + email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); if(!email || !(gen = GENERAL_NAME_new())) { X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); goto err; @@ -293,7 +292,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) err: GENERAL_NAME_free(gen); - ASN1_IA5STRING_free(email); + M_ASN1_IA5STRING_free(email); return 0; } @@ -371,7 +370,7 @@ if(!name_cmp(name, "email")) { goto err; } ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4; - if(!(gen->d.ip = ASN1_OCTET_STRING_new()) || + if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) || !ASN1_STRING_set(gen->d.ip, ip, 4)) { X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); goto err; @@ -384,7 +383,7 @@ if(!name_cmp(name, "email")) { } if(is_string) { - if(!(gen->d.ia5 = ASN1_IA5STRING_new()) || + if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, strlen(value))) { X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); diff --git a/crypto/openssl/crypto/x509v3/v3_bcons.c b/crypto/openssl/crypto/x509v3/v3_bcons.c index de2f855..1e3edc2 100644 --- a/crypto/openssl/crypto/x509v3/v3_bcons.c +++ b/crypto/openssl/crypto/x509v3/v3_bcons.c @@ -122,8 +122,8 @@ BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a) { if (a == NULL) return; - ASN1_INTEGER_free (a->pathlen); - Free ((char *)a); + M_ASN1_INTEGER_free (a->pathlen); + Free (a); } static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, diff --git a/crypto/openssl/crypto/x509v3/v3_bitst.c b/crypto/openssl/crypto/x509v3/v3_bitst.c index 9828ba1..0e1167d 100644 --- a/crypto/openssl/crypto/x509v3/v3_bitst.c +++ b/crypto/openssl/crypto/x509v3/v3_bitst.c @@ -61,7 +61,6 @@ #include <openssl/conf.h> #include <openssl/x509v3.h> -static ASN1_BIT_STRING *asn1_bit_string_new(void); static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, @@ -97,11 +96,6 @@ static BIT_STRING_BITNAME key_usage_type_table[] = { X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); -static ASN1_BIT_STRING *asn1_bit_string_new(void) -{ - return ASN1_BIT_STRING_new(); -} - static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) { @@ -120,7 +114,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bs; int i; BIT_STRING_BITNAME *bnam; - if(!(bs = ASN1_BIT_STRING_new())) { + if(!(bs = M_ASN1_BIT_STRING_new())) { X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); return NULL; } @@ -137,7 +131,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); X509V3_conf_err(val); - ASN1_BIT_STRING_free(bs); + M_ASN1_BIT_STRING_free(bs); return NULL; } } diff --git a/crypto/openssl/crypto/x509v3/v3_conf.c b/crypto/openssl/crypto/x509v3/v3_conf.c index f19bb3a..b2f0301 100644 --- a/crypto/openssl/crypto/x509v3/v3_conf.c +++ b/crypto/openssl/crypto/x509v3/v3_conf.c @@ -170,13 +170,13 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, if(!(ext_der = Malloc(ext_len))) goto merr; p = ext_der; method->i2d(ext_struc, &p); - if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr; + if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; ext_oct->data = ext_der; ext_oct->length = ext_len; ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); if(!ext) goto merr; - ASN1_OCTET_STRING_free(ext_oct); + M_ASN1_OCTET_STRING_free(ext_oct); return ext; @@ -220,7 +220,7 @@ static int v3_check_generic(char **value) return 1; } -/* Create a generic extension: for now just handle RAW type */ +/* Create a generic extension: for now just handle DER type */ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type) { @@ -241,7 +241,7 @@ if(!(ext_der = string_to_hex(value, &ext_len))) { goto err; } -if(!(oct = ASN1_OCTET_STRING_new())) { +if(!(oct = M_ASN1_OCTET_STRING_new())) { X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE); goto err; } @@ -254,7 +254,7 @@ extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); err: ASN1_OBJECT_free(obj); -ASN1_OCTET_STRING_free(oct); +M_ASN1_OCTET_STRING_free(oct); if(ext_der) Free(ext_der); return extension; } @@ -302,6 +302,30 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, return 1; } +/* Add extensions to certificate request */ + +int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, + X509_REQ *req) +{ + X509_EXTENSION *ext; + STACK_OF(X509_EXTENSION) *extlist = NULL; + STACK_OF(CONF_VALUE) *nval; + CONF_VALUE *val; + int i; + if(!(nval = CONF_get_section(conf, section))) return 0; + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + val = sk_CONF_VALUE_value(nval, i); + if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) + return 0; + if(!extlist) extlist = sk_X509_EXTENSION_new_null(); + sk_X509_EXTENSION_push(extlist, ext); + } + if(req) i = X509_REQ_add_extensions(req, extlist); + else i = 1; + sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); + return i; +} + /* Config database functions */ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) diff --git a/crypto/openssl/crypto/x509v3/v3_cpols.c b/crypto/openssl/crypto/x509v3/v3_cpols.c index b4d4883..466713b 100644 --- a/crypto/openssl/crypto/x509v3/v3_cpols.c +++ b/crypto/openssl/crypto/x509v3/v3_cpols.c @@ -169,7 +169,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); - qual->d.cpsuri = ASN1_IA5STRING_new(); + qual->d.cpsuri = M_ASN1_IA5STRING_new(); if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value))) goto merr; } else if(!name_cmp(cnf->name, "userNotice")) { @@ -229,7 +229,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); if(!strcmp(cnf->name, "explicitText")) { - not->exptext = ASN1_VISIBLESTRING_new(); + not->exptext = M_ASN1_VISIBLESTRING_new(); if(!ASN1_STRING_set(not->exptext, cnf->value, strlen(cnf->value))) goto merr; } else if(!strcmp(cnf->name, "organization")) { @@ -238,8 +238,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if(!(nref = NOTICEREF_new())) goto merr; not->noticeref = nref; } else nref = not->noticeref; - if(ia5org) nref->organization = ASN1_IA5STRING_new(); - else nref->organization = ASN1_VISIBLESTRING_new(); + if(ia5org) nref->organization = M_ASN1_IA5STRING_new(); + else nref->organization = M_ASN1_VISIBLESTRING_new(); if(!ASN1_STRING_set(nref->organization, cnf->value, strlen(cnf->value))) goto merr; } else if(!strcmp(cnf->name, "noticeNumbers")) { @@ -538,7 +538,7 @@ void POLICYQUALINFO_free(POLICYQUALINFO *a) if (a == NULL) return; switch(OBJ_obj2nid(a->pqualid)) { case NID_id_qt_cps: - ASN1_IA5STRING_free(a->d.cpsuri); + M_ASN1_IA5STRING_free(a->d.cpsuri); break; case NID_id_qt_unotice: @@ -596,7 +596,7 @@ void USERNOTICE_free(USERNOTICE *a) { if (a == NULL) return; NOTICEREF_free(a->noticeref); - DISPLAYTEXT_free(a->exptext); + M_DISPLAYTEXT_free(a->exptext); Free (a); } @@ -646,7 +646,7 @@ NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length) void NOTICEREF_free(NOTICEREF *a) { if (a == NULL) return; - DISPLAYTEXT_free(a->organization); + M_DISPLAYTEXT_free(a->organization); sk_pop_free(a->noticenos, ASN1_STRING_free); Free (a); } diff --git a/crypto/openssl/crypto/x509v3/v3_crld.c b/crypto/openssl/crypto/x509v3/v3_crld.c index 897ffb6..e459d25 100644 --- a/crypto/openssl/crypto/x509v3/v3_crld.c +++ b/crypto/openssl/crypto/x509v3/v3_crld.c @@ -211,20 +211,20 @@ void DIST_POINT_free(DIST_POINT *a) { if (a == NULL) return; DIST_POINT_NAME_free(a->distpoint); - ASN1_BIT_STRING_free(a->reasons); + M_ASN1_BIT_STRING_free(a->reasons); sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free); - Free ((char *)a); + Free (a); } int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp) { - int v = 0; M_ASN1_I2D_vars(a); if(a->fullname) { M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES); } else { - M_ASN1_I2D_len_EXP_opt (a->relativename, i2d_X509_NAME, 1, v); + M_ASN1_I2D_len_IMP_SET_opt_type(X509_NAME_ENTRY, + a->relativename, i2d_X509_NAME_ENTRY, 1); } /* Don't want a SEQUENCE so... */ @@ -234,7 +234,8 @@ int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp) if(a->fullname) { M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0); } else { - M_ASN1_I2D_put_EXP_opt (a->relativename, i2d_X509_NAME, 1, v); + M_ASN1_I2D_put_IMP_SET_opt_type(X509_NAME_ENTRY, + a->relativename, i2d_X509_NAME_ENTRY, 1); } M_ASN1_I2D_finish(); } @@ -253,9 +254,9 @@ DIST_POINT_NAME *DIST_POINT_NAME_new(void) void DIST_POINT_NAME_free(DIST_POINT_NAME *a) { if (a == NULL) return; - X509_NAME_free(a->relativename); + sk_X509_NAME_ENTRY_pop_free(a->relativename, X509_NAME_ENTRY_free); sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free); - Free ((char *)a); + Free (a); } DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp, @@ -273,7 +274,8 @@ DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp, M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES, V_ASN1_SEQUENCE); } else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) { - M_ASN1_D2I_get_EXP_opt (ret->relativename, d2i_X509_NAME, 1); + M_ASN1_D2I_get_IMP_set_opt_type (X509_NAME_ENTRY, + ret->relativename, d2i_X509_NAME_ENTRY, X509_NAME_ENTRY_free, 1); } else { c.error = ASN1_R_BAD_TAG; goto err; diff --git a/crypto/openssl/crypto/x509v3/v3_enum.c b/crypto/openssl/crypto/x509v3/v3_enum.c index db42354..aecfdc8 100644 --- a/crypto/openssl/crypto/x509v3/v3_enum.c +++ b/crypto/openssl/crypto/x509v3/v3_enum.c @@ -60,8 +60,6 @@ #include "cryptlib.h" #include <openssl/x509v3.h> -static ASN1_ENUMERATED *asn1_enumerated_new(void); - static ENUMERATED_NAMES crl_reasons[] = { {0, "Unspecified", "unspecified"}, {1, "Key Compromise", "keyCompromise"}, @@ -76,20 +74,15 @@ static ENUMERATED_NAMES crl_reasons[] = { X509V3_EXT_METHOD v3_crl_reason = { NID_crl_reason, 0, -(X509V3_EXT_NEW)asn1_enumerated_new, -(X509V3_EXT_FREE)ASN1_STRING_free, +(X509V3_EXT_NEW)ASN1_ENUMERATED_new, +(X509V3_EXT_FREE)ASN1_ENUMERATED_free, (X509V3_EXT_D2I)d2i_ASN1_ENUMERATED, (X509V3_EXT_I2D)i2d_ASN1_ENUMERATED, (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, -(X509V3_EXT_S2I)NULL, +(X509V3_EXT_S2I)0, NULL, NULL, NULL, NULL, crl_reasons}; -static ASN1_ENUMERATED *asn1_enumerated_new(void) -{ - return ASN1_ENUMERATED_new(); -} - char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *e) { diff --git a/crypto/openssl/crypto/x509v3/v3_genn.c b/crypto/openssl/crypto/x509v3/v3_genn.c index af71623..894afa7 100644 --- a/crypto/openssl/crypto/x509v3/v3_genn.c +++ b/crypto/openssl/crypto/x509v3/v3_genn.c @@ -88,12 +88,15 @@ int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp) switch(a->type) { - case GEN_OTHERNAME: case GEN_X400: case GEN_EDIPARTY: ret = i2d_ASN1_TYPE(a->d.other, pp); break; + case GEN_OTHERNAME: + ret = i2d_OTHERNAME(a->d.otherName, pp); + break; + case GEN_EMAIL: case GEN_DNS: case GEN_URI: @@ -137,12 +140,15 @@ GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp, switch(ret->type) { /* Just put these in a "blob" for now */ - case GEN_OTHERNAME: case GEN_X400: case GEN_EDIPARTY: M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE); break; + case GEN_OTHERNAME: + M_ASN1_D2I_get_imp(ret->d.otherName, d2i_OTHERNAME,V_ASN1_SEQUENCE); + break; + case GEN_EMAIL: case GEN_DNS: case GEN_URI: @@ -176,17 +182,20 @@ void GENERAL_NAME_free(GENERAL_NAME *a) { if (a == NULL) return; switch(a->type) { - case GEN_OTHERNAME: case GEN_X400: case GEN_EDIPARTY: ASN1_TYPE_free(a->d.other); break; + case GEN_OTHERNAME: + OTHERNAME_free(a->d.otherName); + break; + case GEN_EMAIL: case GEN_DNS: case GEN_URI: - ASN1_IA5STRING_free(a->d.ia5); + M_ASN1_IA5STRING_free(a->d.ia5); break; case GEN_DIRNAME: @@ -194,7 +203,7 @@ void GENERAL_NAME_free(GENERAL_NAME *a) break; case GEN_IPADD: - ASN1_OCTET_STRING_free(a->d.ip); + M_ASN1_OCTET_STRING_free(a->d.ip); break; case GEN_RID: @@ -202,11 +211,11 @@ void GENERAL_NAME_free(GENERAL_NAME *a) break; } - Free ((char *)a); + Free (a); } -/* Now the GeneralNames versions: a SEQUENCE OF GeneralName These are needed as - * an explicit functions. +/* Now the GeneralNames versions: a SEQUENCE OF GeneralName. These are needed as + * explicit functions. */ STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new() @@ -235,3 +244,48 @@ return i2d_ASN1_SET_OF_GENERAL_NAME(a, pp, i2d_GENERAL_NAME, V_ASN1_SEQUENCE, IMPLEMENT_STACK_OF(GENERAL_NAME) IMPLEMENT_ASN1_SET_OF(GENERAL_NAME) +int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp) +{ + int v = 0; + M_ASN1_I2D_vars(a); + + M_ASN1_I2D_len(a->type_id, i2d_ASN1_OBJECT); + M_ASN1_I2D_len_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v); + + M_ASN1_I2D_seq_total(); + + M_ASN1_I2D_put(a->type_id, i2d_ASN1_OBJECT); + M_ASN1_I2D_put_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v); + + M_ASN1_I2D_finish(); +} + +OTHERNAME *OTHERNAME_new(void) +{ + OTHERNAME *ret=NULL; + ASN1_CTX c; + M_ASN1_New_Malloc(ret, OTHERNAME); + ret->type_id = OBJ_nid2obj(NID_undef); + M_ASN1_New(ret->value, ASN1_TYPE_new); + return (ret); + M_ASN1_New_Error(ASN1_F_OTHERNAME_NEW); +} + +OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length) +{ + M_ASN1_D2I_vars(a,OTHERNAME *,OTHERNAME_new); + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + M_ASN1_D2I_get(ret->type_id, d2i_ASN1_OBJECT); + M_ASN1_D2I_get_EXP_opt(ret->value, d2i_ASN1_TYPE, 0); + M_ASN1_D2I_Finish(a, OTHERNAME_free, ASN1_F_D2I_OTHERNAME); +} + +void OTHERNAME_free(OTHERNAME *a) +{ + if (a == NULL) return; + ASN1_OBJECT_free(a->type_id); + ASN1_TYPE_free(a->value); + Free (a); +} + diff --git a/crypto/openssl/crypto/x509v3/v3_ia5.c b/crypto/openssl/crypto/x509v3/v3_ia5.c index 3446c5c..af3525f 100644 --- a/crypto/openssl/crypto/x509v3/v3_ia5.c +++ b/crypto/openssl/crypto/x509v3/v3_ia5.c @@ -63,7 +63,6 @@ #include <openssl/conf.h> #include <openssl/x509v3.h> -static ASN1_IA5STRING *ia5string_new(void); static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); X509V3_EXT_METHOD v3_ns_ia5_list[] = { @@ -78,11 +77,6 @@ EXT_END }; -static ASN1_IA5STRING *ia5string_new(void) -{ - return ASN1_IA5STRING_new(); -} - static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5) { @@ -102,12 +96,15 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT); return NULL; } - if(!(ia5 = ASN1_IA5STRING_new())) goto err; + if(!(ia5 = M_ASN1_IA5STRING_new())) goto err; if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str, strlen(str))) { - ASN1_IA5STRING_free(ia5); + M_ASN1_IA5STRING_free(ia5); goto err; } +#ifdef CHARSET_EBCDIC + ebcdic2ascii(ia5->data, ia5->data, ia5->length); +#endif /*CHARSET_EBCDIC*/ return ia5; err: X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); diff --git a/crypto/openssl/crypto/x509v3/v3_info.c b/crypto/openssl/crypto/x509v3/v3_info.c new file mode 100644 index 0000000..78d2135 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/v3_info.c @@ -0,0 +1,236 @@ +/* v3_info.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/conf.h> +#include <openssl/asn1.h> +#include <openssl/asn1_mac.h> +#include <openssl/x509v3.h> + +static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, + STACK_OF(ACCESS_DESCRIPTION) *ainfo, + STACK_OF(CONF_VALUE) *ret); +static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + +X509V3_EXT_METHOD v3_info = +{ NID_info_access, X509V3_EXT_MULTILINE, +(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new, +(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free, +(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS, +(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS, +NULL, NULL, +(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, +(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, +NULL, NULL, NULL}; + +static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, + STACK_OF(ACCESS_DESCRIPTION) *ainfo, + STACK_OF(CONF_VALUE) *ret) +{ + ACCESS_DESCRIPTION *desc; + int i; + char objtmp[80], *ntmp; + CONF_VALUE *vtmp; + for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { + desc = sk_ACCESS_DESCRIPTION_value(ainfo, i); + ret = i2v_GENERAL_NAME(method, desc->location, ret); + if(!ret) break; + vtmp = sk_CONF_VALUE_value(ret, i); + i2t_ASN1_OBJECT(objtmp, 80, desc->method); + ntmp = Malloc(strlen(objtmp) + strlen(vtmp->name) + 5); + if(!ntmp) { + X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, + ERR_R_MALLOC_FAILURE); + return NULL; + } + strcpy(ntmp, objtmp); + strcat(ntmp, " - "); + strcat(ntmp, vtmp->name); + Free(vtmp->name); + vtmp->name = ntmp; + + } + if(!ret) return sk_CONF_VALUE_new_null(); + return ret; +} + +static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +{ + STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL; + CONF_VALUE *cnf, ctmp; + ACCESS_DESCRIPTION *acc; + int i, objlen; + char *objtmp, *ptmp; + if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) { + X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); + return NULL; + } + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + cnf = sk_CONF_VALUE_value(nval, i); + if(!(acc = ACCESS_DESCRIPTION_new()) + || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { + X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); + goto err; + } + ptmp = strchr(cnf->name, ';'); + if(!ptmp) { + X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX); + goto err; + } + objlen = ptmp - cnf->name; + ctmp.name = ptmp + 1; + ctmp.value = cnf->value; + if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp))) + goto err; + if(!(objtmp = Malloc(objlen + 1))) { + X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); + goto err; + } + strncpy(objtmp, cnf->name, objlen); + objtmp[objlen] = 0; + acc->method = OBJ_txt2obj(objtmp, 0); + if(!acc->method) { + X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT); + ERR_add_error_data(2, "value=", objtmp); + Free(objtmp); + goto err; + } + Free(objtmp); + + } + return ainfo; + err: + sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); + return NULL; +} + +int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp) +{ + M_ASN1_I2D_vars(a); + + M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT); + M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME); + + M_ASN1_I2D_seq_total(); + + M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT); + M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME); + + M_ASN1_I2D_finish(); +} + +ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void) +{ + ACCESS_DESCRIPTION *ret=NULL; + ASN1_CTX c; + M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION); + ret->method = OBJ_nid2obj(NID_undef); + ret->location = NULL; + return (ret); + M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW); +} + +ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp, + long length) +{ + M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new); + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT); + M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME); + M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION); +} + +void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a) +{ + if (a == NULL) return; + ASN1_OBJECT_free(a->method); + GENERAL_NAME_free(a->location); + Free (a); +} + +STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void) +{ + return sk_ACCESS_DESCRIPTION_new(NULL); +} + +void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a) +{ + sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free); +} + +STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a, + unsigned char **pp, long length) +{ +return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION, + ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); +} + +int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp) +{ +return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, IS_SEQUENCE); +} + +IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION) +IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION) + + diff --git a/crypto/openssl/crypto/x509v3/v3_int.c b/crypto/openssl/crypto/x509v3/v3_int.c index 637dd5e..63c201e 100644 --- a/crypto/openssl/crypto/x509v3/v3_int.c +++ b/crypto/openssl/crypto/x509v3/v3_int.c @@ -60,20 +60,13 @@ #include "cryptlib.h" #include <openssl/x509v3.h> -static ASN1_INTEGER *asn1_integer_new(void); - X509V3_EXT_METHOD v3_crl_num = { NID_crl_number, 0, -(X509V3_EXT_NEW)asn1_integer_new, -(X509V3_EXT_FREE)ASN1_STRING_free, +(X509V3_EXT_NEW)ASN1_INTEGER_new, +(X509V3_EXT_FREE)ASN1_INTEGER_free, (X509V3_EXT_D2I)d2i_ASN1_INTEGER, (X509V3_EXT_I2D)i2d_ASN1_INTEGER, (X509V3_EXT_I2S)i2s_ASN1_INTEGER, -(X509V3_EXT_S2I)NULL, +(X509V3_EXT_S2I)0, NULL, NULL, NULL, NULL, NULL}; - -static ASN1_INTEGER *asn1_integer_new(void) -{ - return ASN1_INTEGER_new(); -} diff --git a/crypto/openssl/crypto/x509v3/v3_lib.c b/crypto/openssl/crypto/x509v3/v3_lib.c index a0aa5de..4242d13 100644 --- a/crypto/openssl/crypto/x509v3/v3_lib.c +++ b/crypto/openssl/crypto/x509v3/v3_lib.c @@ -62,6 +62,8 @@ #include <openssl/conf.h> #include <openssl/x509v3.h> +#include "ext_dat.h" + static STACK *ext_list = NULL; static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b); @@ -87,10 +89,15 @@ static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b) X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) { - X509V3_EXT_METHOD tmp; + X509V3_EXT_METHOD tmp, *t = &tmp, **ret; int idx; + if(nid < 0) return NULL; tmp.ext_nid = nid; - if(!ext_list || (tmp.ext_nid < 0) ) return NULL; + ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t, + (char *)standard_exts, STANDARD_EXTENSION_COUNT, + sizeof(X509V3_EXT_METHOD *), (int (*)())ext_cmp); + if(ret) return *ret; + if(!ext_list) return NULL; idx = sk_find(ext_list, (char *)&tmp); if(idx == -1) return NULL; return (X509V3_EXT_METHOD *)sk_value(ext_list, idx); @@ -125,7 +132,7 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from) *tmpext = *ext; tmpext->ext_nid = nid_to; tmpext->ext_flags |= X509V3_EXT_DYNAMIC; - return 1; + return X509V3_EXT_add(tmpext); } void X509V3_EXT_cleanup(void) @@ -139,28 +146,12 @@ static void ext_list_free(X509V3_EXT_METHOD *ext) if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext); } -extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; -extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet; -extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; - -extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld; +/* Legacy function: we don't need to add standard extensions + * any more because they are now kept in ext_dat.h. + */ int X509V3_add_standard_extensions(void) { - X509V3_EXT_add_list(v3_ns_ia5_list); - X509V3_EXT_add_list(v3_alt); - X509V3_EXT_add(&v3_bcons); - X509V3_EXT_add(&v3_nscert); - X509V3_EXT_add(&v3_key_usage); - X509V3_EXT_add(&v3_ext_ku); - X509V3_EXT_add(&v3_skey_id); - X509V3_EXT_add(&v3_akey_id); - X509V3_EXT_add(&v3_pkey_usage_period); - X509V3_EXT_add(&v3_crl_num); - X509V3_EXT_add(&v3_sxnet); - X509V3_EXT_add(&v3_crl_reason); - X509V3_EXT_add(&v3_cpols); - X509V3_EXT_add(&v3_crld); return 1; } @@ -175,3 +166,56 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) return method->d2i(NULL, &p, ext->value->length); } +/* Get critical flag and decoded version of extension from a NID. + * The "idx" variable returns the last found extension and can + * be used to retrieve multiple extensions of the same NID. + * However multiple extensions with the same NID is usually + * due to a badly encoded certificate so if idx is NULL we + * choke if multiple extensions exist. + * The "crit" variable is set to the critical value. + * The return value is the decoded extension or NULL on + * error. The actual error can have several different causes, + * the value of *crit reflects the cause: + * >= 0, extension found but not decoded (reflects critical value). + * -1 extension not found. + * -2 extension occurs more than once. + */ + +void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) +{ + int lastpos, i; + X509_EXTENSION *ex, *found_ex = NULL; + if(!x) { + if(idx) *idx = -1; + if(crit) *crit = -1; + return NULL; + } + if(idx) lastpos = *idx + 1; + else lastpos = 0; + if(lastpos < 0) lastpos = 0; + for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++) + { + ex = sk_X509_EXTENSION_value(x, i); + if(OBJ_obj2nid(ex->object) == nid) { + if(idx) { + *idx = i; + break; + } else if(found_ex) { + /* Found more than one */ + if(crit) *crit = -2; + return NULL; + } + found_ex = ex; + } + } + if(found_ex) { + /* Found it */ + if(crit) *crit = found_ex->critical; + return X509V3_EXT_d2i(found_ex); + } + + /* Extension not found */ + if(idx) *idx = -1; + if(crit) *crit = -1; + return NULL; +} diff --git a/crypto/openssl/crypto/x509v3/v3_pku.c b/crypto/openssl/crypto/x509v3/v3_pku.c index c13e7d8..30a62c6 100644 --- a/crypto/openssl/crypto/x509v3/v3_pku.c +++ b/crypto/openssl/crypto/x509v3/v3_pku.c @@ -119,9 +119,9 @@ PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a) { if (a == NULL) return; - ASN1_GENERALIZEDTIME_free(a->notBefore); - ASN1_GENERALIZEDTIME_free(a->notAfter); - Free ((char *)a); + M_ASN1_GENERALIZEDTIME_free(a->notBefore); + M_ASN1_GENERALIZEDTIME_free(a->notAfter); + Free (a); } static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, diff --git a/crypto/openssl/crypto/x509v3/v3_prn.c b/crypto/openssl/crypto/x509v3/v3_prn.c index dc20c6b..bee624c 100644 --- a/crypto/openssl/crypto/x509v3/v3_prn.c +++ b/crypto/openssl/crypto/x509v3/v3_prn.c @@ -81,7 +81,15 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) nval = sk_CONF_VALUE_value(val, i); if(!nval->name) BIO_puts(out, nval->value); else if(!nval->value) BIO_puts(out, nval->name); +#ifndef CHARSET_EBCDIC else BIO_printf(out, "%s:%s", nval->name, nval->value); +#else + else { + char tmp[10240]; /* 10k is BIO_printf's limit anyway */ + ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1); + BIO_printf(out, "%s:%s", nval->name, tmp); + } +#endif if(ml) BIO_puts(out, "\n"); } } @@ -103,7 +111,15 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent) ok = 0; goto err; } +#ifndef CHARSET_EBCDIC BIO_printf(out, "%*s%s", indent, "", value); +#else + { + char tmp[10240]; /* 10k is BIO_printf's limit anyway */ + ascii2ebcdic(tmp, value, strlen(value)+1); + BIO_printf(out, "%*s%s", indent, "", tmp); + } +#endif } else if(method->i2v) { if(!(nval = method->i2v(method, ext_str, NULL))) { ok = 0; diff --git a/crypto/openssl/crypto/x509v3/v3_purp.c b/crypto/openssl/crypto/x509v3/v3_purp.c new file mode 100644 index 0000000..5594a1d --- /dev/null +++ b/crypto/openssl/crypto/x509v3/v3_purp.c @@ -0,0 +1,463 @@ +/* v3_purp.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509v3.h> + + +static void x509v3_cache_extensions(X509 *x); + +static int ca_check(X509 *x); +static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca); +static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); +static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); +static int purpose_smime(X509 *x, int ca); +static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca); +static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca); +static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca); +static int no_check(X509_PURPOSE *xp, X509 *x, int ca); + +static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b); +static void xptable_free(X509_PURPOSE *p); + +static X509_PURPOSE xstandard[] = { + {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL}, + {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL}, + {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, + {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL}, + {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, + {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL}, + {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL}, +}; + +#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) + +IMPLEMENT_STACK_OF(X509_PURPOSE) + +static STACK_OF(X509_PURPOSE) *xptable = NULL; + +static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b) +{ + return (*a)->purpose - (*b)->purpose; +} + +int X509_check_purpose(X509 *x, int id, int ca) +{ + int idx; + X509_PURPOSE *pt; + if(!(x->ex_flags & EXFLAG_SET)) { + CRYPTO_w_lock(CRYPTO_LOCK_X509); + x509v3_cache_extensions(x); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); + } + if(id == -1) return 1; + idx = X509_PURPOSE_get_by_id(id); + if(idx == -1) return -1; + pt = X509_PURPOSE_get0(idx); + return pt->check_purpose(pt, x, ca); +} + +int X509_PURPOSE_get_count(void) +{ + if(!xptable) return X509_PURPOSE_COUNT; + return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT; +} + +X509_PURPOSE * X509_PURPOSE_get0(int idx) +{ + if(idx < 0) return NULL; + if(idx < X509_PURPOSE_COUNT) return xstandard + idx; + return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); +} + +int X509_PURPOSE_get_by_sname(char *sname) +{ + int i; + X509_PURPOSE *xptmp; + for(i = 0; i < X509_PURPOSE_get_count(); i++) { + xptmp = X509_PURPOSE_get0(i); + if(!strcmp(xptmp->sname, sname)) return i; + } + return -1; +} + + +int X509_PURPOSE_get_by_id(int purpose) +{ + X509_PURPOSE tmp; + int idx; + if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) + return purpose - X509_PURPOSE_MIN; + tmp.purpose = purpose; + if(!xptable) return -1; + idx = sk_X509_PURPOSE_find(xptable, &tmp); + if(idx == -1) return -1; + return idx + X509_PURPOSE_COUNT; +} + +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck)(X509_PURPOSE *, X509 *, int), + char *name, char *sname, void *arg) +{ + int idx; + X509_PURPOSE *ptmp; + /* This is set according to what we change: application can't set it */ + flags &= ~X509_PURPOSE_DYNAMIC; + /* This will always be set for application modified trust entries */ + flags |= X509_PURPOSE_DYNAMIC_NAME; + /* Get existing entry if any */ + idx = X509_PURPOSE_get_by_id(id); + /* Need a new entry */ + if(idx == -1) { + if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) { + X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + ptmp->flags = X509_PURPOSE_DYNAMIC; + } else ptmp = X509_PURPOSE_get0(idx); + + /* Free existing name if dynamic */ + if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { + Free(ptmp->name); + Free(ptmp->sname); + } + /* dup supplied name */ + ptmp->name = BUF_strdup(name); + ptmp->sname = BUF_strdup(sname); + if(!ptmp->name || !ptmp->sname) { + X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + /* Keep the dynamic flag of existing entry */ + ptmp->flags &= X509_PURPOSE_DYNAMIC; + /* Set all other flags */ + ptmp->flags |= flags; + + ptmp->purpose = id; + ptmp->trust = trust; + ptmp->check_purpose = ck; + ptmp->usr_data = arg; + + /* If its a new entry manage the dynamic table */ + if(idx == -1) { + if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { + X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + if (!sk_X509_PURPOSE_push(xptable, ptmp)) { + X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + } + return 1; +} + +static void xptable_free(X509_PURPOSE *p) + { + if(!p) return; + if (p->flags & X509_PURPOSE_DYNAMIC) + { + if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { + Free(p->name); + Free(p->sname); + } + Free(p); + } + } + +void X509_PURPOSE_cleanup(void) +{ + int i; + sk_X509_PURPOSE_pop_free(xptable, xptable_free); + for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); + xptable = NULL; +} + +int X509_PURPOSE_get_id(X509_PURPOSE *xp) +{ + return xp->purpose; +} + +char *X509_PURPOSE_get0_name(X509_PURPOSE *xp) +{ + return xp->name; +} + +char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp) +{ + return xp->sname; +} + +int X509_PURPOSE_get_trust(X509_PURPOSE *xp) +{ + return xp->trust; +} + +#ifndef NO_SHA +static void x509v3_cache_extensions(X509 *x) +{ + BASIC_CONSTRAINTS *bs; + ASN1_BIT_STRING *usage; + ASN1_BIT_STRING *ns; + STACK_OF(ASN1_OBJECT) *extusage; + int i; + if(x->ex_flags & EXFLAG_SET) return; + X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); + /* Does subject name match issuer ? */ + if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) + x->ex_flags |= EXFLAG_SS; + /* V1 should mean no extensions ... */ + if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; + /* Handle basic constraints */ + if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) { + if(bs->ca) x->ex_flags |= EXFLAG_CA; + if(bs->pathlen) { + if((bs->pathlen->type == V_ASN1_NEG_INTEGER) + || !bs->ca) { + x->ex_flags |= EXFLAG_INVALID; + x->ex_pathlen = 0; + } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); + } else x->ex_pathlen = -1; + BASIC_CONSTRAINTS_free(bs); + x->ex_flags |= EXFLAG_BCONS; + } + /* Handle key usage */ + if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { + if(usage->length > 0) { + x->ex_kusage = usage->data[0]; + if(usage->length > 1) + x->ex_kusage |= usage->data[1] << 8; + } else x->ex_kusage = 0; + x->ex_flags |= EXFLAG_KUSAGE; + ASN1_BIT_STRING_free(usage); + } + x->ex_xkusage = 0; + if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) { + x->ex_flags |= EXFLAG_XKUSAGE; + for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { + switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) { + case NID_server_auth: + x->ex_xkusage |= XKU_SSL_SERVER; + break; + + case NID_client_auth: + x->ex_xkusage |= XKU_SSL_CLIENT; + break; + + case NID_email_protect: + x->ex_xkusage |= XKU_SMIME; + break; + + case NID_code_sign: + x->ex_xkusage |= XKU_CODE_SIGN; + break; + + case NID_ms_sgc: + case NID_ns_sgc: + x->ex_xkusage |= XKU_SGC; + } + } + sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); + } + + if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) { + if(ns->length > 0) x->ex_nscert = ns->data[0]; + else x->ex_nscert = 0; + x->ex_flags |= EXFLAG_NSCERT; + ASN1_BIT_STRING_free(ns); + } + x->ex_flags |= EXFLAG_SET; +} +#endif + +/* CA checks common to all purposes + * return codes: + * 0 not a CA + * 1 is a CA + * 2 basicConstraints absent so "maybe" a CA + * 3 basicConstraints absent but self signed V1. + */ + +#define V1_ROOT (EXFLAG_V1|EXFLAG_SS) +#define ku_reject(x, usage) \ + (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) +#define xku_reject(x, usage) \ + (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) +#define ns_reject(x, usage) \ + (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) + +static int ca_check(X509 *x) +{ + /* keyUsage if present should allow cert signing */ + if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; + if(x->ex_flags & EXFLAG_BCONS) { + if(x->ex_flags & EXFLAG_CA) return 1; + /* If basicConstraints says not a CA then say so */ + else return 0; + } else { + if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; + else return 2; + } +} + + +static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca) +{ + if(xku_reject(x,XKU_SSL_CLIENT)) return 0; + if(ca) { + int ca_ret; + ca_ret = ca_check(x); + if(!ca_ret) return 0; + /* check nsCertType if present */ + if(x->ex_flags & EXFLAG_NSCERT) { + if(x->ex_nscert & NS_SSL_CA) return ca_ret; + return 0; + } + if(ca_ret != 2) return ca_ret; + else return 0; + } + /* We need to do digital signatures with it */ + if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0; + /* nsCertType if present should allow SSL client use */ + if(ns_reject(x, NS_SSL_CLIENT)) return 0; + return 1; +} + +static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) +{ + if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0; + /* Otherwise same as SSL client for a CA */ + if(ca) return check_purpose_ssl_client(xp, x, 1); + + if(ns_reject(x, NS_SSL_SERVER)) return 0; + /* Now as for keyUsage: we'll at least need to sign OR encipher */ + if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0; + + return 1; + +} + +static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) +{ + int ret; + ret = check_purpose_ssl_server(xp, x, ca); + if(!ret || ca) return ret; + /* We need to encipher or Netscape complains */ + if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; + return ret; +} + +/* common S/MIME checks */ +static int purpose_smime(X509 *x, int ca) +{ + if(xku_reject(x,XKU_SMIME)) return 0; + if(ca) { + int ca_ret; + ca_ret = ca_check(x); + if(!ca_ret) return 0; + /* check nsCertType if present */ + if(x->ex_flags & EXFLAG_NSCERT) { + if(x->ex_nscert & NS_SMIME_CA) return ca_ret; + return 0; + } + if(ca_ret != 2) return ca_ret; + else return 0; + } + if(x->ex_flags & EXFLAG_NSCERT) { + if(x->ex_nscert & NS_SMIME) return 1; + /* Workaround for some buggy certificates */ + if(x->ex_nscert & NS_SSL_CLIENT) return 2; + return 0; + } + return 1; +} + +static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca) +{ + int ret; + ret = purpose_smime(x, ca); + if(!ret || ca) return ret; + if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0; + return ret; +} + +static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca) +{ + int ret; + ret = purpose_smime(x, ca); + if(!ret || ca) return ret; + if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; + return ret; +} + +static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca) +{ + if(ca) { + int ca_ret; + if((ca_ret = ca_check(x)) != 2) return ca_ret; + else return 0; + } + if(ku_reject(x, KU_CRL_SIGN)) return 0; + return 1; +} + +static int no_check(X509_PURPOSE *xp, X509 *x, int ca) +{ + return 1; +} diff --git a/crypto/openssl/crypto/x509v3/v3_skey.c b/crypto/openssl/crypto/x509v3/v3_skey.c index fb3e360..939845f 100644 --- a/crypto/openssl/crypto/x509v3/v3_skey.c +++ b/crypto/openssl/crypto/x509v3/v3_skey.c @@ -61,24 +61,17 @@ #include "cryptlib.h" #include <openssl/x509v3.h> -static ASN1_OCTET_STRING *octet_string_new(void); static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); X509V3_EXT_METHOD v3_skey_id = { NID_subject_key_identifier, 0, -(X509V3_EXT_NEW)octet_string_new, -(X509V3_EXT_FREE)ASN1_STRING_free, +(X509V3_EXT_NEW)ASN1_OCTET_STRING_new, +(X509V3_EXT_FREE)ASN1_OCTET_STRING_free, (X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING, (X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING, (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, (X509V3_EXT_S2I)s2i_skey_id, NULL, NULL, NULL, NULL, NULL}; - -static ASN1_OCTET_STRING *octet_string_new(void) -{ - return ASN1_OCTET_STRING_new(); -} - char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) { @@ -91,13 +84,13 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct; long length; - if(!(oct = ASN1_OCTET_STRING_new())) { + if(!(oct = M_ASN1_OCTET_STRING_new())) { X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); return NULL; } if(!(oct->data = string_to_hex(str, &length))) { - ASN1_OCTET_STRING_free(oct); + M_ASN1_OCTET_STRING_free(oct); return NULL; } @@ -118,7 +111,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); - if(!(oct = ASN1_OCTET_STRING_new())) { + if(!(oct = M_ASN1_OCTET_STRING_new())) { X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); return NULL; } @@ -143,7 +136,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, EVP_DigestUpdate(&md, pk->data, pk->length); EVP_DigestFinal(&md, pkey_dig, &diglen); - if(!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { + if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); goto err; } @@ -151,6 +144,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, return oct; err: - ASN1_OCTET_STRING_free(oct); + M_ASN1_OCTET_STRING_free(oct); return NULL; } diff --git a/crypto/openssl/crypto/x509v3/v3_sxnet.c b/crypto/openssl/crypto/x509v3/v3_sxnet.c index 0687bb4..20ba8ac 100644 --- a/crypto/openssl/crypto/x509v3/v3_sxnet.c +++ b/crypto/openssl/crypto/x509v3/v3_sxnet.c @@ -111,7 +111,7 @@ SXNET *SXNET_new(void) SXNET *ret=NULL; ASN1_CTX c; M_ASN1_New_Malloc(ret, SXNET); - M_ASN1_New(ret->version,ASN1_INTEGER_new); + M_ASN1_New(ret->version,M_ASN1_INTEGER_new); M_ASN1_New(ret->ids,sk_SXNETID_new_null); return (ret); M_ASN1_New_Error(ASN1_F_SXNET_NEW); @@ -130,7 +130,7 @@ SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length) void SXNET_free(SXNET *a) { if (a == NULL) return; - ASN1_INTEGER_free(a->version); + M_ASN1_INTEGER_free(a->version); sk_SXNETID_pop_free(a->ids, SXNETID_free); Free (a); } @@ -156,7 +156,7 @@ SXNETID *SXNETID_new(void) ASN1_CTX c; M_ASN1_New_Malloc(ret, SXNETID); ret->zone = NULL; - M_ASN1_New(ret->user,ASN1_OCTET_STRING_new); + M_ASN1_New(ret->user,M_ASN1_OCTET_STRING_new); return (ret); M_ASN1_New_Error(ASN1_F_SXNETID_NEW); } @@ -174,8 +174,8 @@ SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length) void SXNETID_free(SXNETID *a) { if (a == NULL) return; - ASN1_INTEGER_free(a->zone); - ASN1_OCTET_STRING_free(a->user); + M_ASN1_INTEGER_free(a->zone); + M_ASN1_OCTET_STRING_free(a->user); Free (a); } @@ -193,7 +193,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, tmp = i2s_ASN1_INTEGER(NULL, id->zone); BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); Free(tmp); - ASN1_OCTET_STRING_print(out, id->user); + M_ASN1_OCTET_STRING_print(out, id->user); } return 1; } @@ -244,9 +244,9 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen) { ASN1_INTEGER *izone = NULL; - if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { + if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE); - ASN1_INTEGER_free(izone); + M_ASN1_INTEGER_free(izone); return 0; } return SXNET_add_id_INTEGER(psx, izone, user, userlen); @@ -285,7 +285,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, if(!(id = SXNETID_new())) goto err; if(userlen == -1) userlen = strlen(user); - if(!ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; + if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; if(!sk_SXNETID_push(sx->ids, id)) goto err; id->zone = zone; return 1; @@ -307,7 +307,7 @@ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) return NULL; } oct = SXNET_get_id_INTEGER(sx, izone); - ASN1_INTEGER_free(izone); + M_ASN1_INTEGER_free(izone); return oct; } @@ -315,13 +315,13 @@ ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) { ASN1_INTEGER *izone = NULL; ASN1_OCTET_STRING *oct; - if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { + if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE); - ASN1_INTEGER_free(izone); + M_ASN1_INTEGER_free(izone); return NULL; } oct = SXNET_get_id_INTEGER(sx, izone); - ASN1_INTEGER_free(izone); + M_ASN1_INTEGER_free(izone); return oct; } @@ -331,7 +331,7 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) int i; for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { id = sk_SXNETID_value(sx->ids, i); - if(!ASN1_INTEGER_cmp(id->zone, zone)) return id->user; + if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user; } return NULL; } diff --git a/crypto/openssl/crypto/x509v3/v3_utl.c b/crypto/openssl/crypto/x509v3/v3_utl.c index 40f71c7..4c2c4a9 100644 --- a/crypto/openssl/crypto/x509v3/v3_utl.c +++ b/crypto/openssl/crypto/x509v3/v3_utl.c @@ -104,7 +104,7 @@ void X509V3_conf_free(CONF_VALUE *conf) if(conf->name) Free(conf->name); if(conf->value) Free(conf->value); if(conf->section) Free(conf->section); - Free((char *)conf); + Free(conf); } int X509V3_add_value_bool(const char *name, int asn1_bool, diff --git a/crypto/openssl/crypto/x509v3/v3err.c b/crypto/openssl/crypto/x509v3/v3err.c index 50efa8d..aa4a605 100644 --- a/crypto/openssl/crypto/x509v3/v3err.c +++ b/crypto/openssl/crypto/x509v3/v3err.c @@ -54,7 +54,8 @@ */ /* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file. + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. */ #include <stdio.h> @@ -72,6 +73,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"}, {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, +{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"}, {ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"}, {ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"}, {ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"}, @@ -87,6 +89,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"}, {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"}, {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"}, +{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"}, {ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"}, {ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"}, {ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"}, @@ -102,6 +105,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"}, {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, +{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"}, {0,NULL} }; @@ -132,6 +136,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {X509V3_R_INVALID_OPTION ,"invalid option"}, {X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"}, {X509V3_R_INVALID_SECTION ,"invalid section"}, +{X509V3_R_INVALID_SYNTAX ,"invalid syntax"}, {X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"}, {X509V3_R_MISSING_VALUE ,"missing value"}, {X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"}, diff --git a/crypto/openssl/crypto/x509v3/x509v3.h b/crypto/openssl/crypto/x509v3/x509v3.h index 4eb04a5..96ceb7c 100644 --- a/crypto/openssl/crypto/x509v3/x509v3.h +++ b/crypto/openssl/crypto/x509v3/x509v3.h @@ -136,12 +136,6 @@ typedef struct v3_ext_ctx X509V3_CTX; #define X509V3_EXT_CTX_DEP 0x2 #define X509V3_EXT_MULTILINE 0x4 -typedef struct BIT_STRING_BITNAME_st { -int bitnum; -const char *lname; -const char *sname; -} BIT_STRING_BITNAME; - typedef BIT_STRING_BITNAME ENUMERATED_NAMES; typedef struct BASIC_CONSTRAINTS_st { @@ -155,6 +149,11 @@ ASN1_GENERALIZEDTIME *notBefore; ASN1_GENERALIZEDTIME *notAfter; } PKEY_USAGE_PERIOD; +typedef struct otherName_st { +ASN1_OBJECT *type_id; +ASN1_TYPE *value; +} OTHERNAME; + typedef struct GENERAL_NAME_st { #define GEN_OTHERNAME (0|V_ASN1_CONTEXT_SPECIFIC) @@ -174,17 +173,26 @@ union { ASN1_OCTET_STRING *ip; /* iPAddress */ X509_NAME *dirn; /* dirn */ ASN1_OBJECT *rid; /* registeredID */ - ASN1_TYPE *other; /* otherName, ediPartyName, x400Address */ + OTHERNAME *otherName; /* otherName */ + ASN1_TYPE *other; /* ediPartyName, x400Address */ } d; } GENERAL_NAME; +typedef struct ACCESS_DESCRIPTION_st { + ASN1_OBJECT *method; + GENERAL_NAME *location; +} ACCESS_DESCRIPTION; + DECLARE_STACK_OF(GENERAL_NAME) DECLARE_ASN1_SET_OF(GENERAL_NAME) +DECLARE_STACK_OF(ACCESS_DESCRIPTION) +DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) + typedef struct DIST_POINT_NAME_st { /* NB: this is a CHOICE type and only one of these should be set */ STACK_OF(GENERAL_NAME) *fullname; -X509_NAME *relativename; +STACK_OF(X509_NAME_ENTRY) *relativename; } DIST_POINT_NAME; typedef struct DIST_POINT_st { @@ -255,8 +263,8 @@ DECLARE_ASN1_SET_OF(POLICYINFO) #define X509V3_set_ctx_nodb(ctx) ctx->db = NULL; #define EXT_BITSTRING(nid, table) { nid, 0, \ - (X509V3_EXT_NEW)asn1_bit_string_new, \ - (X509V3_EXT_FREE)ASN1_STRING_free, \ + (X509V3_EXT_NEW)ASN1_BIT_STRING_new, \ + (X509V3_EXT_FREE)ASN1_BIT_STRING_free, \ (X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \ (X509V3_EXT_I2D)i2d_ASN1_BIT_STRING, \ NULL, NULL, \ @@ -266,8 +274,8 @@ DECLARE_ASN1_SET_OF(POLICYINFO) (char *)table} #define EXT_IA5STRING(nid) { nid, 0, \ - (X509V3_EXT_NEW)ia5string_new, \ - (X509V3_EXT_FREE)ASN1_STRING_free, \ + (X509V3_EXT_NEW)ASN1_IA5STRING_new, \ + (X509V3_EXT_FREE)ASN1_IA5STRING_free, \ (X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \ (X509V3_EXT_I2D)i2d_ASN1_IA5STRING, \ (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ @@ -279,6 +287,70 @@ DECLARE_ASN1_SET_OF(POLICYINFO) NULL, NULL, NULL, NULL, \ NULL} + +/* X509_PURPOSE stuff */ + +#define EXFLAG_BCONS 0x1 +#define EXFLAG_KUSAGE 0x2 +#define EXFLAG_XKUSAGE 0x4 +#define EXFLAG_NSCERT 0x8 + +#define EXFLAG_CA 0x10 +#define EXFLAG_SS 0x20 +#define EXFLAG_V1 0x40 +#define EXFLAG_INVALID 0x80 +#define EXFLAG_SET 0x100 + +#define KU_DIGITAL_SIGNATURE 0x0080 +#define KU_NON_REPUDIATION 0x0040 +#define KU_KEY_ENCIPHERMENT 0x0020 +#define KU_DATA_ENCIPHERMENT 0x0010 +#define KU_KEY_AGREEMENT 0x0008 +#define KU_KEY_CERT_SIGN 0x0004 +#define KU_CRL_SIGN 0x0002 +#define KU_ENCIPHER_ONLY 0x0001 +#define KU_DECIPHER_ONLY 0x8000 + +#define NS_SSL_CLIENT 0x80 +#define NS_SSL_SERVER 0x40 +#define NS_SMIME 0x20 +#define NS_OBJSIGN 0x10 +#define NS_SSL_CA 0x04 +#define NS_SMIME_CA 0x02 +#define NS_OBJSIGN_CA 0x01 + +#define XKU_SSL_SERVER 0x1 +#define XKU_SSL_CLIENT 0x2 +#define XKU_SMIME 0x4 +#define XKU_CODE_SIGN 0x8 +#define XKU_SGC 0x10 + +#define X509_PURPOSE_DYNAMIC 0x1 +#define X509_PURPOSE_DYNAMIC_NAME 0x2 + +typedef struct x509_purpose_st { + int purpose; + int trust; /* Default trust ID */ + int flags; + int (*check_purpose)(struct x509_purpose_st *, X509 *, int); + char *name; + char *sname; + void *usr_data; +} X509_PURPOSE; + +#define X509_PURPOSE_SSL_CLIENT 1 +#define X509_PURPOSE_SSL_SERVER 2 +#define X509_PURPOSE_NS_SSL_SERVER 3 +#define X509_PURPOSE_SMIME_SIGN 4 +#define X509_PURPOSE_SMIME_ENCRYPT 5 +#define X509_PURPOSE_CRL_SIGN 6 +#define X509_PURPOSE_ANY 7 + +#define X509_PURPOSE_MIN 1 +#define X509_PURPOSE_MAX 7 + +DECLARE_STACK_OF(X509_PURPOSE) + void ERR_load_X509V3_strings(void); int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp); BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length); @@ -328,6 +400,11 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp); +OTHERNAME *OTHERNAME_new(void); +OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length); +void OTHERNAME_free(OTHERNAME *a); + char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); @@ -380,12 +457,27 @@ void DIST_POINT_NAME_free(DIST_POINT_NAME *a); DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp, long length); +int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp); +ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void); +void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a); +ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp, + long length); + +STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void); +void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a); +STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a, + unsigned char **pp, long length); +int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp); + + + #ifdef HEADER_CONF_H GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); void X509V3_conf_free(CONF_VALUE *val); X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); +int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); int X509V3_add_value_bool_nf(char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist); @@ -423,6 +515,8 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); int X509V3_add_standard_extensions(void); STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line); void *X509V3_EXT_d2i(X509_EXTENSION *ext); +void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); + X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); char *hex_to_string(unsigned char *buffer, long len); @@ -434,6 +528,20 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent); int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); +int X509_check_purpose(X509 *x, int id, int ca); +int X509_PURPOSE_get_count(void); +X509_PURPOSE * X509_PURPOSE_get0(int idx); +int X509_PURPOSE_get_by_sname(char *sname); +int X509_PURPOSE_get_by_id(int id); +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck)(X509_PURPOSE *, X509 *, int), + char *name, char *sname, void *arg); +char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); +char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); +int X509_PURPOSE_get_trust(X509_PURPOSE *xp); +void X509_PURPOSE_cleanup(void); +int X509_PURPOSE_get_id(X509_PURPOSE *); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -449,6 +557,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); #define X509V3_F_HEX_TO_STRING 111 #define X509V3_F_I2S_ASN1_ENUMERATED 121 #define X509V3_F_I2S_ASN1_INTEGER 120 +#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 #define X509V3_F_NOTICE_SECTION 132 #define X509V3_F_NREF_NOS 133 #define X509V3_F_POLICY_SECTION 131 @@ -464,6 +573,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); #define X509V3_F_SXNET_ADD_ID_ULONG 127 #define X509V3_F_SXNET_GET_ID_ASC 128 #define X509V3_F_SXNET_GET_ID_ULONG 129 +#define X509V3_F_V2I_ACCESS_DESCRIPTION 139 #define X509V3_F_V2I_ASN1_BIT_STRING 101 #define X509V3_F_V2I_AUTHORITY_KEYID 119 #define X509V3_F_V2I_BASIC_CONSTRAINTS 102 @@ -479,6 +589,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); #define X509V3_F_X509V3_EXT_I2D 136 #define X509V3_F_X509V3_GET_VALUE_BOOL 110 #define X509V3_F_X509V3_PARSE_LIST 109 +#define X509V3_F_X509_PURPOSE_ADD 137 /* Reason codes. */ #define X509V3_R_BAD_IP_ADDRESS 118 @@ -506,6 +617,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); #define X509V3_R_INVALID_OPTION 138 #define X509V3_R_INVALID_POLICY_IDENTIFIER 134 #define X509V3_R_INVALID_SECTION 135 +#define X509V3_R_INVALID_SYNTAX 143 #define X509V3_R_ISSUER_DECODE_ERROR 126 #define X509V3_R_MISSING_VALUE 124 #define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 |